Some protocol versions are build-time
Clarify docs to list that some protocol flags might not be available depending on how OpenSSL was build. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6816)
This commit is contained in:
Rich Salz
parent
43a0f2733a
commit
ed4fc85359
4 changed files with 14 additions and 25 deletions
|
|
@ -73,30 +73,12 @@ L<SSL_CIPHER_description(3)>.
|
|||
|
||||
Like B<-v>, but include the official cipher suite values in hex.
|
||||
|
||||
=item B<-tls1_3>
|
||||
=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3>
|
||||
|
||||
In combination with the B<-s> option, list the ciphers which would be used if
|
||||
TLSv1.3 were negotiated.
|
||||
|
||||
=item B<-tls1_2>
|
||||
|
||||
In combination with the B<-s> option, list the ciphers which would be used if
|
||||
TLSv1.2 were negotiated.
|
||||
|
||||
=item B<-ssl3>
|
||||
|
||||
In combination with the B<-s> option, list the ciphers which would be used if
|
||||
SSLv3 were negotiated.
|
||||
|
||||
=item B<-tls1>
|
||||
|
||||
In combination with the B<-s> option, list the ciphers which would be used if
|
||||
TLSv1 were negotiated.
|
||||
|
||||
=item B<-tls1_1>
|
||||
|
||||
In combination with the B<-s> option, list the ciphers which would be used if
|
||||
TLSv1.1 were negotiated.
|
||||
In combination with the B<-s> option, list the ciphers which could be used if
|
||||
the specified protocol were negotiated.
|
||||
Note that not all protocols and flags may be available, depending on how
|
||||
OpenSSL was built.
|
||||
|
||||
=item B<-stdname>
|
||||
|
||||
|
|
|
|||
|
|
@ -473,6 +473,8 @@ By default B<s_client> will negotiate the highest mutually supported protocol
|
|||
version.
|
||||
When a specific TLS version is required, only that version will be offered to
|
||||
and accepted from the server.
|
||||
Note that not all protocols and flags may be available, depending on how
|
||||
OpenSSL was built.
|
||||
|
||||
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
|
||||
|
||||
|
|
|
|||
|
|
@ -532,6 +532,8 @@ By default B<s_server> will negotiate the highest mutually supported protocol
|
|||
version.
|
||||
When a specific TLS version is required, only that version will be accepted
|
||||
from the client.
|
||||
Note that not all protocols and flags may be available, depending on how
|
||||
OpenSSL was built.
|
||||
|
||||
=item B<-bugs>
|
||||
|
||||
|
|
|
|||
|
|
@ -112,16 +112,19 @@ specified, they are both on by default and executed in sequence.
|
|||
|
||||
=item B<-ssl3>
|
||||
|
||||
These options disable the use of certain SSL or TLS protocols. By default
|
||||
This option disables the use of SSL version 3. By default
|
||||
the initial handshake uses a method which should be compatible with all
|
||||
servers and permit them to use SSL v3 or TLS as appropriate.
|
||||
|
||||
The timing program is not as rich in options to turn protocols on and off as
|
||||
the L<s_client(1)> program and may not connect to all servers.
|
||||
|
||||
Unfortunately there are a lot of ancient and broken servers in use which
|
||||
cannot handle this technique and will fail to connect. Some servers only
|
||||
work if TLS is turned off with the B<-ssl3> option.
|
||||
|
||||
Note that this option may not be available, depending on how
|
||||
OpenSSL was built.
|
||||
|
||||
=item B<-bugs>
|
||||
|
||||
There are several known bug in SSL and TLS implementations. Adding this
|
||||
|
|
|
|||
Loading…
Reference in a new issue