Date: Sun, 5 Jun 2022 01:05:06 GMT From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: be4e16e9810f - stable/13 - rpc.tlsservd: Update the man page for the -C option Message-ID: <202206050105.255156DK050959@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=be4e16e9810f282d79c6a7913f02e6a425f13cca commit be4e16e9810f282d79c6a7913f02e6a425f13cca Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2022-05-21 22:44:29 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2022-06-05 01:04:13 +0000 rpc.tlsservd: Update the man page for the -C option Commit 712aac1389e8 adds a new -C command line option to rpc.tlsservd. This patch updates the man page for this new command line option. This is a content change. (cherry picked from commit d94358e29d1eacab17e9992ad91decb1b84b9449) --- usr.sbin/rpc.tlsservd/rpc.tlsservd.8 | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 index 9e1c78220884..5a1548235f5c 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem. -.Dd January 29, 2021 +.Dd May 17, 2022 .Dt RPC.TLSSERVD 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd "Sun RPC over TLS Server Daemon" .Sh SYNOPSIS .Nm +.Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d .Op Fl h @@ -140,6 +141,24 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent +.It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers +Specify which ciphers are available during TLS handshake. +If this option is specified, +.Dq SSL_CTX_set_ciphersuites() +will be called with +.Dq available_ciphers +as the argument. +If this option is not specified, the cipher will be chosen by +.Xr ssl 7 , +which should be adequate for most cases. +The format for the available ciphers is a simple +.So +: +.Sc +separated list, in order of preference. +The command +.Dq openssl ciphers -s -tls1_3 +lists available ciphers. .It Fl D Ar certdir , Fl Fl certdir= Ns Ar certdir Use .Dq certdir @@ -324,6 +343,7 @@ options is allowed. .Xr openssl 1 , .Xr ktls 4 , .Xr exports 5 , +.Xr ssl 7 , .Xr mount_nfs 8 , .Xr nfsuserd 8 , .Xr rpc.tlsclntd 8 ,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206050105.255156DK050959>