From: Willy Tarreau Date: Wed, 29 Oct 2025 06:57:28 +0000 (+0100) Subject: DOC: config: slightly clarify the ssl_fc_has_early() behavior X-Git-Tag: v3.3-dev11~25 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=765d49b680dec9a1374af8ff1bb3e6a9260df532;p=thirdparty%2Fhaproxy.git DOC: config: slightly clarify the ssl_fc_has_early() behavior Clarify that it's about handshake *completion*, and also mention that the action to be used to wait for the handshake is "wait-for-handshake", which was not mentioned. This can be backported though it's very minor. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 35ab9c00b..4bcf4ea6b 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -25131,9 +25131,9 @@ ssl_fc_has_crt : boolean current SSL session uses a client certificate. ssl_fc_has_early : boolean - Returns true if early data were sent, and the handshake didn't happen yet. As - it has security implications, it is useful to be able to refuse those, or - wait until the handshake happened. + Returns true if early data were sent, and the handshake didn't complete yet. + As it has security implications, it is useful to be able to refuse those, or + wait until the handshake completes (via the "wait-for-handshake" action). ssl_fc_has_sni : boolean This checks for the presence of a Server Name Indication TLS extension (SNI)