diff options
Diffstat (limited to 'doc/man1/s_client.pod')
-rw-r--r-- | doc/man1/s_client.pod | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 5414ffa41e..9f6084d53e 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -159,16 +159,20 @@ Use IPv6 only. =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message to -the given value. +the given value. If both this option and the B<-noservername> are not given, the +TLS SNI extension is still set to the hostname provided to the B<-connect> option, +or "localhost" if B<-connect> has not been supplied. This is default since OpenSSL +1.1.1. + +Even though SNI name should normally be a DNS name and not an IP address, this +option will not make the distinction when parsing B<-connect> and will send +IP address if one passed. =item B<-noservername> Suppresses sending of the SNI (Server Name Indication) extension in the ClientHello message. Cannot be used in conjunction with the B<-servername> or -<-dane_tlsa_domain> options. If this option is not given then the hostname -provided to the B<-connect> option is used in the SNI extension, or "localhost" -if B<-connect> has not been supplied. Note that an SNI name should normally be a -DNS name and not an IP address. +<-dane_tlsa_domain> options. =item B<-cert certname> |