From nobody Sun May 22 21:18:11 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7EB001B35EC7; Sun, 22 May 2022 21:18:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L5tbl2hR7z4Vw8; Sun, 22 May 2022 21:18:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653254291; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d0k1AqIyeA12RH0W10m9afvKHjheXRC3ccduUKb+lAY=; b=QRFCRGteCCqF8PDKRNpRconb4Dhpz7B9nt07tlAxhkOgkd7EsaqjXZn1E3cB1Py14c+oaE xbGggQ7S4hccTmsM41xChUGYciT7a4KPcriyYlwKtMENtSZrk4TewpWALDIJ8D3wU+tSi/ +O/wvej8qgAoqOrTMHIWAMyDHCUQX5YL/eBVJS+0bhNCrAIu866qI+VWroOHILHdwYcNSY TNdNT1fd/ploPDBM0iouH9pPyeGNR1omCpBRZplPtU00If7qick+WmButYFI+xzadGwGKa 7key6Kj03JSg9viuCztUUhGg3TQMMkuACooozoPLr7+b2WiSrwMDvdUr07sbJg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3889122ADB; Sun, 22 May 2022 21:18:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24MLIBlL074989; Sun, 22 May 2022 21:18:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24MLIBPh074988; Sun, 22 May 2022 21:18:11 GMT (envelope-from git) Date: Sun, 22 May 2022 21:18:11 GMT Message-Id: <202205222118.24MLIBPh074988@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: e2c72fecfc51 - main - rpc.tlsservd: Add the -2 option to the man page List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e2c72fecfc51d376600b29dfea737a3d1054e34a Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653254291; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d0k1AqIyeA12RH0W10m9afvKHjheXRC3ccduUKb+lAY=; b=ivQSdxcLVlioPtN9c0x1AhjONFw5zdCTCiKOkIA1afUb/oerAxChi8A8yQ67WzbKaW1pbx gn92hXFWVibsBWNUA7MfGRCQDSg4XJgjBKP6LmOebkKXYVXbBHFoV7/0/JnG6fZt1WK70H ZZJF7oOJ4CWM1wwb89CISr6brFpQTOV3Hi+OYbFEKF4suKkWSjxBM/y3ns0B4+ln/1Yd+H 3ZrBVJjK5AdLJOgBqFGVMzI3e0K4678JNBi6unQ8HdK0nVooRPixd2ulXMlBfDRk36LmS4 ZGVZ5CHXbrYGMaOk/654ENIdnDBA1ZlKh/v7XmGaxkOnvunSFWYpw6hPIBTBEQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1653254291; a=rsa-sha256; cv=none; b=SYuQMkghh6eJkd0FYAbCO/eBIfURN3Ueuf1yjYGRXkJDtqZZ61YWIAgPPy3nFhGPh77pPl f6p3Lh0xZ9F7MqSeqWXRCutieYGgLlMkE4p1zBqrcp69r5+l0QlrsGMjoDxCwP7vqsGnsx iEjuFGRFwEOFPDhgsL/+P3N9/J3GlfHGQA5Y/0Ann9S8FB7QAnsjKYyM1uzVszIRGYZD4P 1ShCyxmh8m2gF813LDwTTIWcawFX+JSl4bmJ3pkSeb6KK1VqVUXGE3N9eFZqZPUh3O5vju 9gYwVgAGfDGDMfDPDTfQuWY516pzxboWzwMWDAazlBvXo2aaUFAEqKKh27AQhw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=e2c72fecfc51d376600b29dfea737a3d1054e34a commit e2c72fecfc51d376600b29dfea737a3d1054e34a Author: Rick Macklem AuthorDate: 2022-05-22 21:17:06 +0000 Commit: Rick Macklem CommitDate: 2022-05-22 21:17:06 +0000 rpc.tlsservd: Add the -2 option to the man page Since the KTLS now supports TLS1.3, the daemons default to version 1.3, since the draft (to be an RFC someday) requires TLS1.3. However, since FreeBSD 13,0, 13,1 uses TLS1.2 for NFS-over-TLS, the "-2" option is added to both daemons for compatibility with FreeBSD 13.0, 13.1. This patch updates the man pages for this. This is a content change. Reviewed by: pauamma_gundo.com MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D35290 --- usr.sbin/rpc.tlsservd/rpc.tlsservd.8 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 index 5a1548235f5c..cfba53536b7d 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem. -.Dd May 17, 2022 +.Dd May 22, 2022 .Dt RPC.TLSSERVD 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd "Sun RPC over TLS Server Daemon" .Sh SYNOPSIS .Nm +.Op Fl 2 .Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d @@ -141,6 +142,15 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent +.It Fl 2 , Fl Fl allowtls1_2 +Permit clients to mount using TLS version 1.2. +By default, the daemon will only allow mounts +using TLS version 1.3, as required by the RFC. +However, early +.Fx +.Pq 13.0 and 13.1 +clients require +this option, since they use TLS version 1.2. .It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers Specify which ciphers are available during TLS handshake. If this option is specified,