From fb0e87fb67a358b40a1d56d2df3a611a09899780 Mon Sep 17 00:00:00 2001 From: Bodo Moeller Date: Wed, 15 Oct 2014 10:43:50 +0200 Subject: Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv handling out of #ifndef OPENSSL_NO_DTLS1 section. Reviewed-by: Rich Salz --- doc/apps/s_client.pod | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'doc/apps/s_client.pod') diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 8f64f49dd0..2057dc86e0 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -64,6 +64,9 @@ B B [B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] +[B<-no_tls1_1>] +[B<-no_tls1_2>] +[B<-fallback_scsv>] [B<-bugs>] [B<-cipher cipherlist>] [B<-serverpref>] @@ -245,16 +248,19 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -Unfortunately there are a lot of ancient and broken servers in use which +Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off with the B<-no_tls> option others will only -support SSL v2 and may need the B<-ssl2> option. +work if TLS is turned off. + +=item B<-fallback_scsv> + +Send TLS_FALLBACK_SCSV in the ClientHello. =item B<-bugs> -- cgit v1.2.3