commit 3946f79cabc20e2dfa7fa45ae60d1ca8895b4af7
author TRodziewicz <tomasz.rodziewicz@mobica.com> Mon Jun 14 12:11:18 2021 +0200
committer TRodziewicz <tomasz.rodziewicz@mobica.com> Mon Jun 14 13:46:21 2021 +0200
tree 34a79933d324abcbe4b199b42867c4177c76ac51
parent 8b223b650991182ff288140b5f8b3a1d4832981d

Correction according to code review (function and param. names change
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 364239a..f0ae778 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -200,8 +200,8 @@
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED    0
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED      1
 
-#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED    1
-#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED   0
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT  1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER  0
 
 /*
  * Default range for DTLS retransmission timer value, in milliseconds.
@@ -2498,9 +2498,12 @@
  *                      The ciphersuites array is not copied, and must remain
  *                      valid for the lifetime of the ssl_config.
  *
- *                      Note: The server uses its own preferences
- *                      over the preference of the client unless
- *                      conf->respect_cli_pref is enabled!
+ *                      Note: By default, the server chooses its preferred
+ *                      ciphersuite among those that the client supports. If
+ *                      mbedtls_ssl_conf_preference_order() is called to prefer
+ *                      the client's preferences, the server instead chooses
+ *                      the client's preferred ciphersuite among those that
+ *                      the server supports.
  *
  * \param conf          SSL configuration
  * \param ciphersuites  0-terminated list of allowed ciphersuites
@@ -3300,15 +3303,15 @@
 
 #if defined(MBEDTLS_SSL_SRV_C)
 /**
- * \brief          Pick the ciphersuite according to the client's preferences
- *                 rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *                 (Default: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED)
+ * \brief          Pick the ciphersuites order according to the second parameter
+ *                 in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
  *
  * \param conf     SSL configuration
- * \param enable   Enable or disable (MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED
- *                                 or MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED)
+ * \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+ *                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
  */
-void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable );
+void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)