On 04/12/2016 07:27 AM, Alex Bligh wrote: > * Call out TLS into a separate section > > * Add details of the TLS protocol itself > > * Emphasise that actual TLS session initiation (i.e. the TLS handshake) can > be initiated from either side (as required by the TLS standard I believe > and as actually works in practice) > > * Clarify what is a requirement on servers, and what is a requirement on > clients, separately, specifying their behaviour in a single place > in the document. > > * Document the three possible modes of operation of a server. > > * Add text defining what 'terminate the session' means during > negotiation, and when it is available. > > Signed-off-by: Alex Bligh <alex@...872...> > --- > +#### SELECTIVETLS mode > + > + > +There is a degenerate case of SELECTIVETLS where all > +exports are TLS-only. This is permitted in part to make programming > +of servers easier. Operation is a little different from FORCEDTLS, > +as the client is not forced to upgrade to TLS prior to any options > +being processed, and the server MAY choose to give information on > +non-existent exports via NBD_OPT_INFO exports prior to an upgrade s/exports prior/responses/ > +to TLS. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
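Review bot: The last sentence of the SELECTIVETLS paragraph lets a server "give information on non-existent exports via NBD_OPT_INFO" before the upgrade to TLS, but it does not say how that reply relates to the one sent for an export that exists and is TLS-only. If the two replies differ, a client that never negotiates TLS can learn which export names exist, which undercuts the reason for making every export TLS-only. Suggest stating whether the pre-upgrade replies for existing and non-existent exports are meant to be distinguishable, and if they are, naming that as the trade-off of this mode against FORCEDTLS. When the wording of that sentence is reworked, keep the word "prior" so it still reads "prior to an upgrade to TLS".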