author lloyd <[email protected]> 2012-09-12 18:27:15 +0000
committer lloyd <[email protected]> 2012-09-12 18:27:15 +0000
commit de506ee6756416cd5accb819b30a394099923ff2 (patch)
tree 457f9507b823480e68ad37e5337d75a2e8d97636 /doc/relnotes
parent d1580eb5d15a40ed74de21ad7d55a8c8824d40e3 (diff)
It seems other implementations define the secure renegotiation flag to
be part of the connection rather than part of the session. That really
does make more sense, so go with it. Changes the format of serialized
sessions, but we already broke that with the crypto change.
Diffstat (limited to 'doc/relnotes')
-rw-r--r-- doc/relnotes/1_11_1.rst 12
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst
index 79a304e50..8d46e04f3 100644
--- a/doc/relnotes/1_11_1.rst
+++ b/doc/relnotes/1_11_1.rst
@@ -20,10 +20,14 @@ from memory dumps (eg with a cold boot attack).
The keys used in :cpp:func:`session encryption <TLS::Session::encrypt>`
were previously uniquely determined by the master key. Now the
encrypted session blob includes two 80 bit salts which are used in the
-derivation of the cipher and MAC keys. Sessions saved by 1.11.0 will
-not load in this version and vice versa. In both cases this will not
-cause any errors, the session will simply not resume and instead a
-full handshake will occur.
+derivation of the cipher and MAC keys.
+
+The ``secure_renegotiation`` flag is now considered an aspect of the
+connection rather than the session, which matches the behavior of
+other implementations. As the format has changed, sessions saved to
+persistent storage by 1.11.0 will not load in this version and vice
+versa. In either case this will not cause any errors, the session will
+simply not resume and instead a full handshake will occur.
New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`
and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were
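Review bot: The incompatibility sentence in the added paragraph ("As the format has changed, sessions saved to persistent storage by 1.11.0 will not load in this version and vice versa") now reads as a consequence of the ``secure_renegotiation`` change alone, while the removed lines attached it directly to the salt change in the paragraph above. Both changes alter the serialized session, so consider giving the compatibility statement its own paragraph that names both, so a reader of the salt paragraph does not assume saved sessions still load. Separately, "this will not cause any errors, the session will simply not resume" is a comma splice carried over from the old text; a semicolon after "errors" would fix it.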