From: Christos Tsantilas
Date: Tue, 10 May 2016 08:30:52 +0000 (+0300)
Subject: Fix comment about v23 ciphers
X-Git-Tag: SQUID_4_0_11~29^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=28c02f9054eb2657c046fecdc4d8eaae9b5e96c8;p=thirdparty%2Fsquid.git

Fix comment about v23 ciphers

Also add the RFC links
---

diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index 3a763b3983..6fe3fa5a23 100644
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -446,12 +446,12 @@ Security::HandshakeParser::parseV23Ciphers(const SBuf &raw)
 {
 Parser::BinaryTokenizer tk(raw);
 while (!tk.atEnd()) {
- // The v2 hello messages cipher has 3 bytes. The v2 cipher has the
- // first byte not null. In an v23 SSL Hello message both v2 and
- // v3/tls ciphers can coexist.
- // The supported ciphers list needed for Peek and Stare bumping
- // modes where only SSLv3 and TLS protocols are supported so
- // we are ignoring the v2 ciphers.
+ // RFC 6101 Appendix E, RFC 5246 Appendix E2
+ // Unlike TLS, ciphers in SSLv23 Hellos are 3 bytes long and come in
+ // two versions: v2 and v3. The two versions may co-exist in a single
+ // SSLv23 Hello. Only v3 ciphers have a first byte value of zero.
+ // The ciphers are needed for our peeking/staring code that
+ // does not support SSLv2, so we ignore v2 ciphers.
 const uint8_t prefix = tk.uint8("prefix");
 const uint16_t cipher = tk.uint16("cipher");
 if (prefix == 0)
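Review bot: The rewritten comment inside the `while (!tk.atEnd())` loop cites "RFC 5246 Appendix E2", but that section is numbered E.2, and the comment never says what happens when the raw list is not a whole number of 3-byte entries. RFC 5246 E.2 requires the cipher spec length to be a non-zero multiple of 3, and this list is parsed from a client-supplied hello, so a trailing 1- or 2-byte fragment has to be expected. Presumably `tk.uint8()` / `tk.uint16()` report insufficient input in that case, but that is not visible in this hunk. I would write the reference as `// RFC 6101 Appendix E, RFC 5246 Appendix E.2` and, once the tokenizer behavior is confirmed, add `// A list whose length is not a multiple of 3 is malformed; the tokenizer rejects the partial entry.` The loop body continues past the end of the hunk.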