From: Matt Caswell Date: Fri, 10 Apr 2015 12:10:05 +0000 (+0100) Subject: Add -listen documentation X-Git-Tag: OpenSSL_1_1_0-pre1~528 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=35d15a3952d50f243451c5f9fce1e2d9b88b67bb;p=oweals%2Fopenssl.git Add -listen documentation This commit adds documentation for the new -listen option to s_server. Along the way it also adds documentation for -dtls, -dtls1 and -dtls1_2 which was missing. Reviewed-by: Andy Polyakov --- diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 567df2cfef..3fd9a81562 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -67,6 +67,10 @@ B B [B<-no_tmp_rsa>] [B<-ssl3>] [B<-tls1>] +[B<-dtls>] +[B<-dtls1>] +[B<-dtls1_2>] +[B<-listen>] [B<-no_ssl3>] [B<-no_tls1>] [B<-no_dhe>] @@ -283,6 +287,21 @@ these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate. +=item B<-dtls>, B<-dtls1>, B<-dtls1_2> + +these options make s_server use DTLS protocols instead of TLS. With B<-dtls> +s_server will negotiate any supported DTLS protcol version, whilst B<-dtls1> and +B<-dtls1_2> will only support DTLS1.0 and DTLS1.2 respectively. + +=item B<-listen> + +this option can only be used in conjunction with one of the DTLS options above. +With this option s_server will listen on a UDP port for incoming connections. +Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. Any without a cookie will be responded to with a +HelloVerifyRequest. If a ClientHello with a cookie is received then s_server +will connect to that peer and complete the handshake. + =item B<-bugs> there are several known bug in SSL and TLS implementations. Adding this
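Review bot: In the second hunk (@@ -283,6 +287,21 @@), the new B<-dtls> item misspells "protcol" (should be "protocol"), and the B<-listen> item leaves two things unstated. It says the option "can only be used in conjunction with one of the DTLS options above" but not what s_server does when it is given without one; document whether that is an error or the option is ignored. It also describes the cookie check without saying why it exists. One sentence would help operators understand when to use it: the HelloVerifyRequest round trip makes the client prove it can receive traffic at its claimed source address before the server commits to a handshake, which limits spoofed-source denial of service over UDP. Finally, "DTLS1.0" and "DTLS1.2" are written without the "v" or a space, unlike "SSL v3" in the unchanged context paragraph just above; pick one spelling and use it consistently in the page.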