author: lloyd <[email protected]> 2013-07-10 15:21:38 +0000
committer: lloyd <[email protected]> 2013-07-10 15:21:38 +0000
commit: 4e8eb70640bb3768ab434add374bdf6f8455d2ec
tree: ba16494e3a9665c3d5eb7b8228fe4b15178ac785 /doc
parent: 2a9848fd18b1210a845d02efda38e398950bd76c
Change default policy to prohibit DTLS to minimize surprise.
Allow applications to send arbitrary alert messages. Add a new optional parameter to Channel which specifies how large to make the IO buffers by default. Add Channel::reset_state, and reset the IO buffers and cipher specs after a fatal alert.
Diffstat (limited to 'doc')
-rw-r--r-- doc/relnotes/1_11_4.rst 23
-rw-r--r-- doc/relnotes/index.rst 1
-rw-r--r-- doc/tls.rst 28
3 files changed, 42 insertions, 10 deletions
diff --git a/doc/relnotes/1_11_4.rst b/doc/relnotes/1_11_4.rst
index 91a33ae58..b33798a13 100644
--- a/doc/relnotes/1_11_4.rst
+++ b/doc/relnotes/1_11_4.rst
@@ -9,14 +9,29 @@ Version 1.11.4, Not Yet Released
in x86 builds, relying on runtime cpuid checking to prevent their
use on CPUs that do not support those operations.
+* The default TLS policy now only accepts TLS, to minimize surprise
+ for servers which might not expect to negotiate DTLS. Previously a
+ server would by default negotiate either protocol type (clients
+ would only accept the same protocol type as they
+ offered). Applications which use DTLS or combined TLS/DTLS need to
+ override :cpp:func:`Policy::acceptable_protocol_version`.
+
+* The TLS channels now accept a new parameter specifying how many
+ bytes to preallocate for the record handling buffers, which allows
+ an application some control over how much memory is used at runtime
+ for a particular connection.
+
+* Applications can now send arbitrary TLS alert messages using
+ :cpp:func:`TLS::Channel::send_alert`
+
+* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which
+ will negotiate only the 128-bit security NSA Suite B. See
+ :rfc:`6460` for more information about Suite B.
+
* Adds a new interface for benchmarking, :cpp:func:`time_algorithm_ops`,
which returns a map of operations to operations per second. For
instance now both encrypt and decrypt speed of a block cipher can be
checked, as well as the key schedule of all keyed algorithms. It
additionally supports AEAD modes.
-* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which
- will negotiate only the 128-bit security NSA Suite B. See
- :rfc:`6460` for more information about Suite B.
-
* Rename ARC4 to RC4
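Review bot: The added release-note bullets leave out two things the commit message lists: Channel::reset_state, and the reset of the IO buffers and cipher specs after a fatal alert. The `send_alert` bullet is where an application author would learn that sending a fatal alert clears the channel state, so say it there, and end that bullet with a period like the others. The buffer-size bullet should also name the parameter (`reserved_io_buffer_size`) so readers can find it in doc/tls.rst.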
diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst
index 633ac79bb..c905796ba 100644
--- a/doc/relnotes/index.rst
+++ b/doc/relnotes/index.rst
@@ -8,6 +8,7 @@ Series 1.11
.. toctree::
:maxdepth: 1
+ 1_11_4
1_11_3
1_11_2
1_11_1
diff --git a/doc/tls.rst b/doc/tls.rst
index df08c088a..93955d31c 100644
--- a/doc/tls.rst
+++ b/doc/tls.rst
@@ -113,6 +113,11 @@ available:
A close notification is sent to the counterparty, and the
internal state is cleared.
+ .. cpp:function void send_alert(const Alert& alert)
+
+ Some other alert is sent to the counterparty. If the alert is
+ fatal, the internal state is cleared.
+
.. cpp:function:: bool is_active()
Returns true if and only if a handshake has been completed on
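Review bot: The added directive line `.. cpp:function void send_alert(const Alert& alert)` is missing the `::` that the neighbouring `.. cpp:function:: bool is_active()` entry has. Without it reST parses the line and its indented body as a comment, so `send_alert` will not appear in the rendered docs and the `:cpp:func:` reference to it in the release notes will not resolve. Change it to `.. cpp:function:: void send_alert(const Alert& alert)`. It would also help to say whether the channel is still usable after a fatal alert clears the state.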
@@ -181,7 +186,8 @@ TLS Clients
RandomNumberGenerator& rng, \
const Server_Information& server_info, \
const Protocol_Version offer_version, \
- std::function<std::string, std::vector<std::string> > next_protocol)
+ std::function<std::string, std::vector<std::string> > next_protocol, \
+ size_t reserved_io_buffer_size)
Initialize a new TLS client. The constructor will immediately
initiate a new session.
@@ -249,6 +255,12 @@ TLS Clients
server advertises, and the client can select from them or return an
unadvertised protocol.
+ The optional *reserved_io_buffer_size* specifies how many bytes to
+ pre-allocate in the I/O buffers. Use this if you want to control
+ how much memory the channel uses initially (the buffers will be
+ resized as needed to process inputs). Otherwise some reasonable
+ default is used.
+
A simple TLS client example:
.. literalinclude:: examples/tls_client.cpp
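Review bot: "Otherwise some reasonable default is used", in the paragraph added for *reserved_io_buffer_size*, leaves the default size unstated, and the constructor signature shows no default value either. An application trying to bound per-connection memory needs the actual figure in bytes. Since "the buffers will be resized as needed to process inputs" means growth is driven by what the peer sends, also state whether there is an upper limit, so readers do not take the reserved size for a cap.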
@@ -266,11 +278,13 @@ TLS Servers
Credentials_Manager& creds, \
const TLS::Policy& policy, \
RandomNumberGenerator& rng, \
- const std::vector<std::string>& protocols)
+ const std::vector<std::string>& protocols, \
+ bool reserved_io_buffer_size)
-The first 7 arguments are treated similiarly to the :ref:`client
-<tls_client>`. The final (optional) argument, protocols, specifies
-the protocols the server is willing to advertise it supports.
+The first 7 arguments as well as the final argument
+*reserved_io_buffer_size*, are treated similiarly to the :ref:`client
+<tls_client>`. The (optional) argument, *protocols*, specifies the
+protocols the server is willing to advertise it supports.
.. cpp:function:: std::string TLS::Server::next_protocol() const
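Review bot: The server constructor signature declares the new parameter as `bool reserved_io_buffer_size`, while the client signature uses `size_t reserved_io_buffer_size` and the text describes a byte count; this looks like a typo for `size_t`. In the rewritten paragraph, recheck "The first 7 arguments" now that an argument follows *protocols*, correct "similiarly" to "similarly", and add the missing comma before "as well as" so the one after *reserved_io_buffer_size* is paired.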
@@ -544,7 +558,9 @@ be negotiated during a handshake.
Return true if this version of the protocol is one that we are
willing to negotiate.
- Default: True for all known protocol versions
+ Default: True if a known TLS version. DTLS is not accepted by default;
+ to enable DTLS (or combined TLS/DTLS) in your application, override this
+ function.
.. cpp:function:: bool server_uses_own_ciphersuite_preferences() const
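Review bot: The new default text "True if a known TLS version" does not say which versions count as known, and it tells DTLS users to override the function without describing a safe override. List the accepted versions or point to where they are defined, and add a sentence that an override should still return false for every version the application does not intend to negotiate, so that enabling DTLS does not become accepting any version offered.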