author: lloyd <[email protected]> 2014-11-15 23:39:24 +0000
committer: lloyd <[email protected]> 2014-11-15 23:39:24 +0000
commit: 060df7809a64d1b589554169443c48bc428ca726
tree: 74ca96453ddb4bd3a8abca43fb81d67859c9f6f8 /doc
parent: 9751f1a9084aadbfebbc7f7e67fcd5806ead6492
A TLS Server can now process either TLS or DTLS but not either,
with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
Diffstat (limited to 'doc')
-rw-r--r-- doc/manual/tls.rst 19
-rw-r--r-- doc/relnotes/1_11_10.rst 44
2 files changed, 38 insertions, 25 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index e85b9a816..fab807863 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -234,7 +234,7 @@ TLS Clients
Use *offer_version* to control the version of TLS you wish the
client to offer. Normally, you'll want to offer the most recent
- version of TLS that is available, however some broken servers are
+ version of (D)TLS that is available, however some broken servers are
intolerant of certain versions being offered, and for classes of
applications that have to deal with such servers (typically web
browsers) it may be necessary to implement a version backdown
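Review bot: the paragraph now uses two different terms for the same thing. Its first line still reads "the version of TLS you wish the client to offer" while the changed line reads "most recent version of (D)TLS", so it is unclear whether offer_version is documented as covering DTLS throughout. Suggest using one term in both sentences, and stating whether the version backdown advice that follows is meant for DTLS peers too or only for TLS servers.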
@@ -279,24 +279,30 @@ TLS Servers
const TLS::Policy& policy, \
RandomNumberGenerator& rng, \
const std::vector<std::string>& protocols, \
+ bool is_datagram = false, \
bool reserved_io_buffer_size)
The first 7 arguments as well as the final argument
*reserved_io_buffer_size*, are treated similiarly to the :ref:`client
<tls_client>`. The (optional) argument, *protocols*, specifies the
-protocols the server is willing to advertise it supports.
+protocols the server is willing to advertise it supports. The
+argument *is_datagram* specifies if this is a TLS or DTLS server;
+unlike clients, which know what type of protocol (TLS vs DTLS) they
+are negotiating from the start via the *offer_version*, servers would
+not until they actually receive a hello without this parameter.
.. cpp:function:: std::string TLS::Server::next_protocol() const
If a handshake has completed, and if the client indicated a next
protocol (ie, the protocol that it intends to run over this TLS
- session) this return value will specify it. The next protocol
+ connection) this return value will specify it. The next-protocol
extension is somewhat unusual in that it applies to the connection
rather than the session. The next protocol can not change during a
renegotiation, but might change across different connections using
that session.
-A TLS server that can handle concurrent connections using asio:
+An example TLS server that can handle concurrent connections using
+asio follows:
.. literalinclude:: ../../src/cmd/tls_server_asio.cpp
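Review bot: in the documented constructor signature the defaulted "bool is_datagram = false" sits in front of "bool reserved_io_buffer_size", which is shown without a default. As written that is not a valid declaration, and a caller who previously passed the final argument positionally would now have that value bound to is_datagram instead. Suggest showing the trailing parameter's default as well and adding a sentence telling existing callers that the argument order changed. Separately, the added sentence "servers would not until they actually receive a hello without this parameter" is hard to parse; something like "without this parameter a server would not know until it received a client hello" reads more clearly. It would also help to say what the server does when a hello of the other protocol type arrives.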
@@ -565,9 +571,8 @@ be negotiated during a handshake.
Return true if this version of the protocol is one that we are
willing to negotiate.
- Default: True if a known TLS version. DTLS is not accepted by default;
- to enable DTLS (or combined TLS/DTLS) in your application, override this
- function. SSLv3 is also rejected by default.
+ Default: Accepts TLS v1.0 or higher, or DTLS v1.2 Note that SSLv3
+ is rejected by default.
.. cpp:function:: bool server_uses_own_ciphersuite_preferences() const
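Review bot: the new Default text says DTLS v1.2 is accepted but drops the removed guidance on how an application enables DTLS, without pointing to what replaces it. Since the server section now says the TLS versus DTLS choice is made by the is_datagram constructor argument, suggest adding a cross-reference here so readers do not conclude that the policy default alone makes a server accept DTLS. Also, a period is missing after "DTLS v1.2" before "Note that SSLv3".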
diff --git a/doc/relnotes/1_11_10.rst b/doc/relnotes/1_11_10.rst
index ed0955aea..e401583c1 100644
--- a/doc/relnotes/1_11_10.rst
+++ b/doc/relnotes/1_11_10.rst
@@ -7,29 +7,37 @@ Version 1.11.10, Not Yet Released
so applications implementing fallback are protected. Servers always check
the SCSV.
-* Fixed a bug in CCM mode which caused it to produce incorrect tags
- when used with a value of L other than 2. This affected CCM TLS
- ciphersuites, which use L=3. Thanks to Manuel Pégourié-Gonnard for
- the anaylsis and patch. Bugzilla 270.
+* In previous versions a TLS::Server could service either TLS or DTLS
+ connections depending on policy settings and what type of client hello it
+ received. This has changed and now a Server object is initialized for either
+ TLS or DTLS operation. The default policy previously prohibited DTLS,
+ precisely to prevent a TCP server from being surprised by a DTLS connection.
+ This has changed and the default policy now allows TLS v1.0 or higher or DTLS
+ v1.2.
+
+* Fixed a bug in CCM mode which caused it to produce incorrect tags when used
+ with a value of L other than 2. This affected CCM TLS ciphersuites, which use
+ L=3. Thanks to Manuel Pégourié-Gonnard for the anaylsis and
+ patch. Bugzilla 270.
* DTLS now supports timeouts and handshake retransmits.
-* Add a TLS policy hook to disable putting the value of the local
- clock in hello random fields.
+* Add a TLS policy hook to disable putting the value of the local clock in hello
+ random fields.
-* Avoid a crash in low-entropy situations when reading from
- /dev/random, when select indicated the device was readable but by
- the time we start the read the entropy pool had been depleted.
+* Avoid a crash in low-entropy situations when reading from /dev/random, when
+ select indicated the device was readable but by the time we start the read the
+ entropy pool had been depleted.
-* The Miller-Rabin primality test function now takes a parameter
- allowing the user to directly specify the maximum false negative
- probability they are willing to accept.
+* The Miller-Rabin primality test function now takes a parameter allowing the
+ user to directly specify the maximum false negative probability they are
+ willing to accept.
-* Fix decoding indefinite length BER constructs that contain a context
- sensitive tag of zero. Github pull 26 from Janusz Chorko.
+* Fix decoding indefinite length BER constructs that contain a context sensitive
+ tag of zero. Github pull 26 from Janusz Chorko.
-* Add a new install script written in Python which replaces shell
- hackery in the makefiles.
+* Add a new install script written in Python which replaces shell hackery in the
+ makefiles.
-* Various modifications to better support Visual C++ 2013 and 2015.
- Github issues 11, 17, 18, 21, 22.
+* Various modifications to better support Visual C++ 2013 and 2015. Github
+ issues 11, 17, 18, 21, 22.
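Review bot: the new first entry describes a behaviour change for TLS::Server but never names the constructor argument that selects the mode, and it does not tell applications that relied on the old policy-driven TLS/DTLS selection what they have to change. Suggest naming is_datagram in the entry and marking it as an API change. The entry also repeats "This has changed" twice in four sentences, which could be tightened. The rest of the hunk only re-wraps seven unrelated entries, which buries the one substantive addition; that reflow would be easier to review as a separate commit. If the CCM line is being touched anyway, "anaylsis" could be corrected at the same time.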