romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:21:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

stop using the word 'just'

Browse source 
Everywhere. In documentation and code comments.

It is almost never a good word and almost always a filler that should be
avoided.

Closes #20793
This commit is contained in:
Daniel Stenberg 2026-03-02 23:41:35 +01:00
parent 4b583b7585
commit b4dba346cd
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
213 changed files with 727 additions and 772 deletions
Download patch file Download diff file Expand all files Collapse all files

18
docs/internals/TLS-SESSIONS.md
View file

@ -52,8 +52,8 @@ Examples:
same as the previous, except it is configured to use TLSv1.2 as
min and max versions.
Different configurations produce different keys which is just what
curl needs when handling SSL session tickets.
Different configurations produce different keys which is what curl needs when
handling SSL session tickets.
One important thing: peer keys do not contain confidential information. If you
configure a client certificate or SRP authentication with username/password,
@ -121,8 +121,8 @@ concurrent connections do not reuse the same ticket.
#### Privacy and Security
As mentioned above, ssl peer keys are not intended for storage in a file
system. They clearly show which hosts the user talked to. This maybe "just"
privacy relevant, but has security implications as an attacker might find
system. They clearly show which hosts the user talked to. This is not only
privacy relevant, but also has security implications as an attacker might find
worthy targets among your peer keys.
Also, we do not recommend to persist TLSv1.2 tickets.
@ -138,11 +138,11 @@ The salt is generated randomly for each peer key on export. The SHA256 makes
sure that the peer key cannot be reversed and that a slightly different key
still produces a different result.
This means an attacker cannot just "grep" a session file for a particular
entry, e.g. if they want to know if you accessed a specific host. They *can*
however compute the SHA256 hashes for all salts in the file and find a
specific entry. They *cannot* find a hostname they do not know. They would
have to brute force by guessing.
This means an attacker cannot "grep" a session file for a particular entry,
e.g. if they want to know if you accessed a specific host. They *can* however
compute the SHA256 hashes for all salts in the file and find a specific entry.
They *cannot* find a hostname they do not know. They would have to brute force
by guessing.
#### Import