diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 33b365d337a5072a7cfa131f1ae342cb08d15f74..b2e92af2efcfe966247dd911c71352103c64c6ee 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -26,19 +26,19 @@ count of the B is incremented by one. =head1 NOTES The ssl session contains all information required to re-establish the -connection without a full handshake for SSL versions <= TLSv1.2. In TLSv1.3 the -same is true, but sessions are established after the main handshake has occurred. -The server will send the session information to the client at a time of its -choosing which may be some while after the initial connection is established (or -not at all). Calling these functions on the client side in TLSv1.3 before the -session has been established will still return an SSL_SESSION object but it -cannot be used for resuming the session. See L for -information on how to determine whether an SSL_SESSION object can be used for -resumption or not. - -Additionally, in TLSv1.3, a server can send multiple session messages for a -single connection. In that case the above functions will only return information -on the last session that was received. +connection without a full handshake for SSL versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +SSL_SESSION object but that object cannot be used for resuming the session. See +L for information on how to determine whether an +SSL_SESSION object can be used for resumption or not. + +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in L.