From: Rich Salz Date: Tue, 31 Jul 2018 15:36:44 +0000 (-0400) Subject: Some protocol versions are build-time X-Git-Tag: OpenSSL_1_1_1-pre9~64 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ed4fc85359d40bd06a53af9c8a058b8d3e4e3e39;p=oweals%2Fopenssl.git Some protocol versions are build-time Clarify docs to list that some protocol flags might not be available depending on how OpenSSL was build. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6816) --- diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index e3278eb6db..3aea982384 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -73,30 +73,12 @@ L. Like B<-v>, but include the official cipher suite values in hex. -=item B<-tls1_3> +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.3 were negotiated. - -=item B<-tls1_2> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.2 were negotiated. - -=item B<-ssl3> - -In combination with the B<-s> option, list the ciphers which would be used if -SSLv3 were negotiated. - -=item B<-tls1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1 were negotiated. - -=item B<-tls1_1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.1 were negotiated. +In combination with the B<-s> option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-stdname> diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 7d92dd82a0..80152e1ba4 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -473,6 +473,8 @@ By default B will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be offered to and accepted from the server. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-dtls>, B<-dtls1>, B<-dtls1_2> diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 5399096b83..07016fc461 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -532,6 +532,8 @@ By default B will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be accepted from the client. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-bugs> diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod index e5b8af421d..d17e13728e 100644 --- a/doc/man1/s_time.pod +++ b/doc/man1/s_time.pod @@ -112,16 +112,19 @@ specified, they are both on by default and executed in sequence. =item B<-ssl3> -These options disable the use of certain SSL or TLS protocols. By default +This option disables the use of SSL version 3. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate. + The timing program is not as rich in options to turn protocols on and off as the L program and may not connect to all servers. - Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off with the B<-ssl3> option. +Note that this option may not be available, depending on how +OpenSSL was built. + =item B<-bugs> There are several known bug in SSL and TLS implementations. Adding this