Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 5 Jun 2022 01:05:06 GMT
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: be4e16e9810f - stable/13 - rpc.tlsservd: Update the man page for the -C option
Message-ID:  <202206050105.255156DK050959@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=be4e16e9810f282d79c6a7913f02e6a425f13cca

commit be4e16e9810f282d79c6a7913f02e6a425f13cca
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-05-21 22:44:29 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-06-05 01:04:13 +0000

    rpc.tlsservd: Update the man page for the -C option
    
    Commit 712aac1389e8 adds a new -C command line option
    to rpc.tlsservd.
    
    This patch updates the man page for this new command
    line option.
    
    This is a content change.
    
    (cherry picked from commit d94358e29d1eacab17e9992ad91decb1b84b9449)
---
 usr.sbin/rpc.tlsservd/rpc.tlsservd.8 | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8
index 9e1c78220884..5a1548235f5c 100644
--- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8
+++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8
@@ -26,7 +26,7 @@
 .\" $FreeBSD$
 .\"
 .\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem.
-.Dd January 29, 2021
+.Dd May 17, 2022
 .Dt RPC.TLSSERVD 8
 .Os
 .Sh NAME
@@ -34,6 +34,7 @@
 .Nd "Sun RPC over TLS Server Daemon"
 .Sh SYNOPSIS
 .Nm
+.Op Fl C Ar available_ciphers
 .Op Fl D Ar certdir
 .Op Fl d
 .Op Fl h
@@ -140,6 +141,24 @@ option has been specified.
 .Pp
 The options are as follows:
 .Bl -tag -width indent
+.It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers
+Specify which ciphers are available during TLS handshake.
+If this option is specified,
+.Dq SSL_CTX_set_ciphersuites()
+will be called with
+.Dq available_ciphers
+as the argument.
+If this option is not specified, the cipher will be chosen by
+.Xr ssl 7 ,
+which should be adequate for most cases.
+The format for the available ciphers is a simple
+.So
+:
+.Sc
+separated list, in order of preference.
+The command
+.Dq openssl ciphers -s -tls1_3
+lists available ciphers.
 .It Fl D Ar certdir , Fl Fl certdir= Ns Ar certdir
 Use
 .Dq certdir
@@ -324,6 +343,7 @@ options is allowed.
 .Xr openssl 1 ,
 .Xr ktls 4 ,
 .Xr exports 5 ,
+.Xr ssl 7 ,
 .Xr mount_nfs 8 ,
 .Xr nfsuserd 8 ,
 .Xr rpc.tlsclntd 8 ,



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206050105.255156DK050959>