Haivision · rndi · Sep 13, 2019 · Aug 5, 2019 · Aug 22, 2019 · Aug 22, 2019
diff --git a/apps/socketoptions.hpp b/apps/socketoptions.hpp
@@ -231,7 +231,7 @@ const SocketOption srt_options [] {
     { "payloadsize", 0, SRTO_PAYLOADSIZE, SocketOption::PRE, SocketOption::INT, nullptr},
     { "kmrefreshrate", 0, SRTO_KMREFRESHRATE, SocketOption::PRE, SocketOption::INT, nullptr },
     { "kmpreannounce", 0, SRTO_KMPREANNOUNCE, SocketOption::PRE, SocketOption::INT, nullptr },
-    { "strictenc", 0, SRTO_STRICTENC, SocketOption::PRE, SocketOption::BOOL, nullptr },
+    { "enforcedencryption", 0, SRTO_ENFORCEDENCRYPTION, SocketOption::PRE, SocketOption::BOOL, nullptr },
     { "peeridletimeo", 0, SRTO_PEERIDLETIMEO, SocketOption::PRE, SocketOption::INT, nullptr },
     { "packetfilter", 0, SRTO_PACKETFILTER, SocketOption::PRE, SocketOption::STRING, nullptr }
 };

diff --git a/docs/API-functions.md b/docs/API-functions.md
@@ -954,7 +954,7 @@ Both parties have defined a passprhase for connection and they differ.
 #### SRT_REJ_UNSECURE
 
 Only one connection party has set up a password. See also
-`SRTO_STRICTENC` flag in API.md.
+`SRTO_ENFORCEDENCRYPTION` flag in API.md.
 
 #### SRT_REJ_MESSAGEAPI
 

diff --git a/docs/API.md b/docs/API.md
@@ -1027,33 +1027,27 @@ side and it's the matter of luck which one would win
 
 ---
 
-| OptName           | Since | Binding | Type            | Units | Default  | Range  |
-| ----------------- | ----- | ------- | --------------- | ----- | -------- | ------ |
-| `SRTO_STRICTENC`  | 1.3.2 | pre     | `int (bool)`    |       | true     | false  |
-
-- **[SET]** - This option, when set to TRUE, allows connection only if the
-encryption setup of the connection parties is a "strictly encrypted" case,
-that is:
-
-   - neither party has enabled encryption
-   - both parties have enabled encryption with the same passphrase
-
-In other cases the connection will be rejected.
-
-When this option is set to FALSE **by both parties of the connection**, the
-following combinations of encryption setup will be allowed for connection (with
-appropriate limitations):
-
-   - both parties have enabled encryption with different passphrase
-      - transmission not possible in either direction
-   - only one party has enabled encryption
-      - unencrypted transmission possible only from unencrypted party to encrypted one
-
-Setting the `SRTO_STRICTENC`option to FALSE can be useful in situations where
-it is important to know whether a connection is possible. The inability to
-decrypt an incoming transmission can be reported as a different kind of
-problem.
-
+| OptName                    | Since | Binding | Type            | Units | Default  | Range  |
+| -------------------------- | ----- | ------- | --------------- | ----- | -------- | ------ |
+| `SRTO_ENFORCEDENCRYPTION`  | 1.3.2 | pre     | `int (bool)`    |       | true     | false  |
+
+- **[SET]** - This option enforces that both connection parties have the
+same passphrase set (including empty, that is, with no encryption), or
+otherwise the connection is rejected.
+
+When this option is set to FALSE **on both connection parties**, the
+connection is allowed even if the passphrase differs on both parties,
+or it was set only on one party. Note that the party that has set a passphrase
+is still allowed to send data over the network. However, the receiver will not
+be able to decrypt that data and will not deliver it to the application. The
+party that has set no passphrase can send (unencrypted) data that will be
+successfully received by its peer.
+
+This option can be used in some specific situations when the user knows
+both parties of the connection, so there's no possible situation of a rogue
+sender and can be useful in situations where it is important to know whether a
+connection is possible. The inability to decrypt an incoming transmission can
+be then reported as a different kind of problem.
 ---
 
 | OptName           | Since | Binding | Type            | Units | Default  | Range  |

diff --git a/srtcore/core.cpp b/srtcore/core.cpp
@@ -896,7 +896,7 @@ void CUDT::setOpt(SRT_SOCKOPT optName, const void* optval, int optlen)
       }
       break;
 
-   case SRTO_STRICTENC:
+   case SRTO_ENFORCEDENCRYPTION:
       if (m_bConnected)
           throw CUDTException(MJ_NOTSUP, MN_ISCONNECTED, 0);
 
@@ -1212,7 +1212,7 @@ void CUDT::getOpt(SRT_SOCKOPT optName, void* optval, int& optlen)
       *(int*)optval = m_zOPT_ExpPayloadSize;
       break;
 
-   case SRTO_STRICTENC:
+   case SRTO_ENFORCEDENCRYPTION:
       optlen = sizeof (int32_t); // also with TSBPDMODE and SENDER
       *(int32_t*)optval = m_bOPT_StrictEncryption;
       break;

diff --git a/srtcore/srt.h b/srtcore/srt.h
@@ -178,7 +178,7 @@ typedef enum SRT_SOCKOPT {
    SRTO_TRANSTYPE = 50,      // Transmission type (set of options required for given transmission type)
    SRTO_KMREFRESHRATE,       // After sending how many packets the encryption key should be flipped to the new key
    SRTO_KMPREANNOUNCE,       // How many packets before key flip the new key is annnounced and after key flip the old one decommissioned
-   SRTO_STRICTENC,           // Connection to be rejected or quickly broken when one side encryption set or bad password
+   SRTO_ENFORCEDENCRYPTION,  // Connection to be rejected or quickly broken when one side encryption set or bad password
    SRTO_IPV6ONLY,            // IPV6_V6ONLY mode
    SRTO_PEERIDLETIMEO,       // Peer-idle timeout (max time of silence heard from peer) in [ms]
    // (some space left)
@@ -223,6 +223,7 @@ static const SRT_SOCKOPT SRTO_RCVPBKEYLEN SRT_ATR_DEPRECATED = (SRT_SOCKOPT)39;
 
 // Keeping old name for compatibility (deprecated)
 static const SRT_SOCKOPT SRTO_SMOOTHER SRT_ATR_DEPRECATED = SRTO_CONGESTION;
+static const SRT_SOCKOPT SRTO_STRICTENC SRT_ATR_DEPRECATED = SRTO_ENFORCEDENCRYPTION;
 
 typedef enum SRT_TRANSTYPE
 {