Fix comment about v23 ciphers

Also add the RFC links

diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index 3a763b3983f1035aaa7c7cd8ba76ccb801dafd1a..6fe3fa5a237c3d65dd7f0764b937011746db20ab 100644 (file)
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -446,12 +446,12 @@ Security::HandshakeParser::parseV23Ciphers(const SBuf &raw)
 {
     Parser::BinaryTokenizer tk(raw);
     while (!tk.atEnd()) {
-        // The v2 hello messages cipher has 3 bytes. The v2 cipher has the
-        // first byte not null. In an v23 SSL Hello message both v2 and
-        // v3/tls ciphers can coexist.
-        // The supported ciphers list needed for Peek and Stare bumping
-        // modes where only SSLv3 and TLS protocols are supported so 
-        // we are ignoring the v2 ciphers.
+        // RFC 6101 Appendix E, RFC 5246 Appendix E2
+        // Unlike TLS, ciphers in SSLv23 Hellos are 3 bytes long and come in 
+        // two versions: v2 and v3. The two versions may co-exist in a single
+        // SSLv23 Hello. Only v3 ciphers have a first byte value of zero.
+        // The ciphers are needed for our peeking/staring code that 
+        // does not support SSLv2, so we ignore v2 ciphers.
         const uint8_t prefix = tk.uint8("prefix");
         const uint16_t cipher = tk.uint16("cipher");
         if (prefix == 0)