diff --git a/ChangeLog b/ChangeLog
index 796ff2212..9fb42024d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,10 +38,12 @@ Features
 ServerHello.
 * Add new configuration option MBEDTLS_SSL_PROTO_NO_TLS that enables
 code size savings in configurations where only DTLS is used.
- * Add new configuration option MBEDTLS_SSL_NO_SESSION_CACHE that can be used
- to disable cache based session resumption
- * Add new configuration option MBEDTLS_SSL_NO_SESSION_RESUMPTION that can be
- used to disable session resumption feature entirely.
+ * Add new configuration option MBEDTLS_SSL_NO_SESSION_CACHE that enables
+ code size savings in configurations where cache-based session resumption is
+ not used.
+ * Add new configuration option MBEDTLS_SSL_NO_SESSION_RESUMPTION that
+ enables code size savings in configurations where no form of session
+ resumption is used.
 
 API Changes
 * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 734a38ffd..29ff97a02 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1666,14 +1666,16 @@
 *
 * Requires: !MBEDTLS_SSL_NO_SESSION_RESUMPTION
 *
- * Comment this macro to disable support for SSL session tickets
+ * Comment this macro to disable support for SSL session tickets.
 */
 #define MBEDTLS_SSL_SESSION_TICKETS
 
 /**
 * \def MBEDTLS_SSL_NO_SESSION_CACHE
 *
- * Disable support for cache based session resumption.
+ * Disable support for cache based session resumption. This is useful to
+ * reduce code size in configurations where cache-based session resumption is
+ * not used.
 *
 * This option is only about the server-side support of the session caches.
 * Client will only need !MBEDTLS_SSL_NO_SESSION_RESUMPTION to support
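Review bot: The added first line of the MBEDTLS_SSL_NO_SESSION_CACHE description in include/mbedtls/config.h keeps the unhyphenated `cache based session resumption`, while the sentence appended to it and the ChangeLog entry in this same commit write `cache-based`. Since that line is rewritten here anyway, it could read `* Disable support for cache-based session resumption. This is useful to` so the option is described the same way everywhere. The doc comment continues below the end of the hunk.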
@@ -1685,19 +1687,19 @@
 * If MBEDTLS_SSL_NO_SESSION_RESUMPTION is defined, this needs to be defined
 * as well.
 *
- * Uncomment this macro to disable support for SSL session cache
+ * Uncomment this macro to disable support for SSL session cache.
 */
 //#define MBEDTLS_SSL_NO_SESSION_CACHE
 
 /**
 * \def MBEDTLS_SSL_NO_SESSION_RESUMPTION
 *
- * Disable support for session resumption. This is useful in constrained
- * devices where session resumption isn't used.
+ * Disable support for session resumption. This is useful to reduce code size
+ * in configurations where no form of session resumption is used.
 *
 * \note Session resumption is part of the TLS standard, disabling this
 * option means that the full implementation of the standard is no longer
- * used. This shouldn't cause any interoperability issues as by the standard
+ * used. This shouldn't cause any interoperability issues as the standard
 * mandates that peers who want to resume a session need to be prepared to
 * fall back to a full handshake.
 *
@@ -1715,7 +1717,7 @@
 * or tickets, examples of which are provided by MBEDTLS_SSL_CACHE_C
 * and MBEDTLS_SSL_TICKETS_C respectively.
 *
- * Uncomment this macro to disable support for SSL session resumption
+ * Uncomment this macro to disable support for SSL session resumption.
 */
 //#define MBEDTLS_SSL_NO_SESSION_RESUMPTION
 
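Review bot: The `\note` under MBEDTLS_SSL_NO_SESSION_RESUMPTION (hunk starting at old line 1685) still says `disabling this option means that the full implementation of the standard is no longer used`, which reads inverted: it is defining this macro, i.e. enabling the option, that removes session resumption. The commit already rewords the next line of that note, so the two context lines above it could become `\note Session resumption is part of the TLS standard; enabling this option means that the full implementation of the standard is no longer`, which makes clear which setting departs from the standard. One more sentence saying that every reconnection then goes through a full handshake would state the operational cost that comes with the code-size saving. The doc comment continues past the end of this hunk.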