Date: Sun, 5 Jun 2022 01:06:48 GMT From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 721a59734632 - stable/13 - rpc.tlsservd: Add the -2 option to the man page Message-ID: <202206050106.25516mGe051146@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=721a59734632bdcd326af1910148cc7631f6ab40 commit 721a59734632bdcd326af1910148cc7631f6ab40 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2022-05-22 21:17:06 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2022-06-05 01:05:20 +0000 rpc.tlsservd: Add the -2 option to the man page Since the KTLS now supports TLS1.3, the daemons default to version 1.3, since the draft (to be an RFC someday) requires TLS1.3. However, since FreeBSD 13,0, 13,1 uses TLS1.2 for NFS-over-TLS, the "-2" option is added to both daemons for compatibility with FreeBSD 13.0, 13.1. This patch updates the man pages for this. This is a content change. (cherry picked from commit e2c72fecfc51d376600b29dfea737a3d1054e34a) --- usr.sbin/rpc.tlsservd/rpc.tlsservd.8 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 index 5a1548235f5c..cfba53536b7d 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem. -.Dd May 17, 2022 +.Dd May 22, 2022 .Dt RPC.TLSSERVD 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd "Sun RPC over TLS Server Daemon" .Sh SYNOPSIS .Nm +.Op Fl 2 .Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d @@ -141,6 +142,15 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent +.It Fl 2 , Fl Fl allowtls1_2 +Permit clients to mount using TLS version 1.2. +By default, the daemon will only allow mounts +using TLS version 1.3, as required by the RFC. +However, early +.Fx +.Pq 13.0 and 13.1 +clients require +this option, since they use TLS version 1.2. .It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers Specify which ciphers are available during TLS handshake. If this option is specified,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206050106.25516mGe051146>