From nobody Sun Jun 5 01:06:48 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id DA28C1BD433D; Sun, 5 Jun 2022 01:06:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LFz3Y2gd7z3NQT; Sun, 5 Jun 2022 01:06:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654391209; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8xsDlSySU4J1k5amrXJFwk9KuB6isGhNfMT+z6AHNps=; b=EDMPYL3IsQfKdYVdSq8g1nxD2ebW2CK56OpRYM4IjHiJop4lGGXWOHnRP2ON5ThaVGMQBn fT3AyYDb896ZiSyH3W4dxcX+H3wxFTjZANzrXHpV0J7AZEYvO7L2yjPd2VyuH1qf951Bjn Frm7vwTZyNij42n5zcPebUpdVL9IXqbEL2R1tJTEhTxqrKxuHxITzJSsbd1hIKTL3ZJqyM Ikp1yiS2LoQaSC4JcfWW1bCZE/UjDW6mpngPXVK10O0KB1kS4xgJCMy6imioJKu5wcTv0E G0CtE8c4YZJMJCo9TN0g4A+oNeb4RK985J7BxA8H4IuLLNOmCpb63QXkpJCG0A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D5F2943E; Sun, 5 Jun 2022 01:06:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 25516mWt051147; Sun, 5 Jun 2022 01:06:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 25516mGe051146; Sun, 5 Jun 2022 01:06:48 GMT (envelope-from git) Date: Sun, 5 Jun 2022 01:06:48 GMT Message-Id: <202206050106.25516mGe051146@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 721a59734632 - stable/13 - rpc.tlsservd: Add the -2 option to the man page List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 721a59734632bdcd326af1910148cc7631f6ab40 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654391209; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8xsDlSySU4J1k5amrXJFwk9KuB6isGhNfMT+z6AHNps=; b=el4NIbR4ozSGzkn/CMfuSdEwPhE4YjiQBr428SpGFhGldwUCyBGsbF+Ca/5pdYxFNPKqi3 OzAuVX7lpp1z79QxBBLvEk//6doHwlax0CpJ+V+tAiJqb/UazRiCcbIgOjPdsCRpRkeoD7 W/KIVq+tDpMKRejEncmtJC/hc+Mu0F5mltVXOdw3EL6HR8MxKbtJMIPOqpz3m98jAjaBHb bdA3ZEUMuMhg0qmVspMEWVdOF/oIk4M2EzXApCZrRBC8MPwKwYgm8+hMSAkV8dJnFjOdbi Up9QtNFpdllE+PPImwFt11bTtcs92uGJ2Ec1YUpkwAMTVt8ZrVRt+3A5159cFw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654391209; a=rsa-sha256; cv=none; b=OM+rDRvWQvr6aOhe6cYXZdUORJMhOMTVGcUH5QHuNx5ngAFDtbEsxmQ+tnE5kVPQ+pCyRh KGkgkKMssA0JsFBaEoT40eGpV7fSmgAI/WtmkiqpOgpBDesQ2NJ4upDYaYCXbiCZPbDQTA U3gBZxo9IJFl0iRGpsOtMzZk+Nz9xe1zXSBBwDANyTTJxfgB39kam2avDEE/RXq2Bdg6qI 6pnU8qIzdLPWBnQP9u3vBmCI4t5w6UhdpcEJU70KUiF16LGzQbr4OVHRgmZ0EmRwxdOiBK 8dfDbPTLkqzNDRxhCrxmkYIHffmjIq27rfZl4pROfjNvoUy9yy7lecbJDQRJmw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=721a59734632bdcd326af1910148cc7631f6ab40 commit 721a59734632bdcd326af1910148cc7631f6ab40 Author: Rick Macklem AuthorDate: 2022-05-22 21:17:06 +0000 Commit: Rick Macklem CommitDate: 2022-06-05 01:05:20 +0000 rpc.tlsservd: Add the -2 option to the man page Since the KTLS now supports TLS1.3, the daemons default to version 1.3, since the draft (to be an RFC someday) requires TLS1.3. However, since FreeBSD 13,0, 13,1 uses TLS1.2 for NFS-over-TLS, the "-2" option is added to both daemons for compatibility with FreeBSD 13.0, 13.1. This patch updates the man pages for this. This is a content change. (cherry picked from commit e2c72fecfc51d376600b29dfea737a3d1054e34a) --- usr.sbin/rpc.tlsservd/rpc.tlsservd.8 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 index 5a1548235f5c..cfba53536b7d 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem. -.Dd May 17, 2022 +.Dd May 22, 2022 .Dt RPC.TLSSERVD 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd "Sun RPC over TLS Server Daemon" .Sh SYNOPSIS .Nm +.Op Fl 2 .Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d @@ -141,6 +142,15 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent +.It Fl 2 , Fl Fl allowtls1_2 +Permit clients to mount using TLS version 1.2. +By default, the daemon will only allow mounts +using TLS version 1.3, as required by the RFC. +However, early +.Fx +.Pq 13.0 and 13.1 +clients require +this option, since they use TLS version 1.2. .It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers Specify which ciphers are available during TLS handshake. If this option is specified,