Reword some comments.
There were a handful of comments that use "blacklist" and "whitelist".
They are easy to fix.
Change-Id: I49a9592393b43fc85e92b4a00a585b504dede75a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41645
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index d95aeb3..3bbb4e3 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -193,11 +193,11 @@
min_version = TLS1_3_VERSION;
}
- // OpenSSL's API for controlling versions entails blacklisting individual
- // protocols. This has two problems. First, on the client, the protocol can
- // only express a contiguous range of versions. Second, a library consumer
- // trying to set a maximum version cannot disable protocol versions that get
- // added in a future version of the library.
+ // The |SSL_OP_NO_*| flags disable individual protocols. This has two
+ // problems. First, prior to TLS 1.3, the protocol can only express a
+ // contiguous range of versions. Second, a library consumer trying to set a
+ // maximum version cannot disable protocol versions that get added in a future
+ // version of the library.
//
// To account for both of these, OpenSSL interprets the client-side bitmask
// as a min/max range by picking the lowest contiguous non-empty range of
