Date: Sun, 5 Jun 2022 01:12:43 GMT From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 365704ad712b - stable/13 - rpc.tlsclntd: Update the man page for the -C option Message-ID: <202206050112.2551ChkB063930@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=365704ad712bbc5190bd26b1bc2bee98ca91cfc4 commit 365704ad712bbc5190bd26b1bc2bee98ca91cfc4 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2022-05-22 20:58:59 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2022-06-05 01:11:54 +0000 rpc.tlsclntd: Update the man page for the -C option Commit f5b40aa0dea6 modifies the -C command line option for rpc.tlsclntd to use the TLS 1.3 SSL_CTX_set_ciphersuites(). This patch updates the man page for this modified command line option. This is a content change. (cherry picked from commit 0bf3f379e18f5f01af77a23163222165321a5502) --- usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 index 23a9d05495c1..fa33a09411ac 100644 --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsclntd.8 by Rick Macklem. -.Dd February 17, 2021 +.Dd May 18, 2022 .Dt RPC.TLSCLNTD 8 .Os .Sh NAME @@ -34,7 +34,7 @@ .Nd "Sun RPC over TLS Client Daemon" .Sh SYNOPSIS .Nm -.Op Fl C Ar preferred_ciphers +.Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d .Op Fl l Ar CAfile @@ -92,15 +92,24 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent -.It Fl C Ar preferred_ciphers , Fl Fl ciphers= Ns Ar preferred_ciphers -Specify what preferred ciphers are to be used. +.It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers +Specify which ciphers are available during TLS handshake. If this option is specified, -.Dq SSL_CTX_set_cipher_list() +.Dq SSL_CTX_set_ciphersuites() will be called with -.Dq preferred_ciphers +.Dq available_ciphers as the argument. If this option is not specified, the cipher will be chosen by -.Xr ssl 7 . +.Xr ssl 7 , +which should be adequate for most cases. +The format for the available ciphers is a simple +.So +: +.Sc +separated list, in order of preference. +The command +.Dq openssl ciphers -s -tls1_3 +lists available ciphers. .It Fl D Ar certdir , Fl Fl certdir= Ns Ar certdir Use .Dq certdir
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206050112.2551ChkB063930>