Add -dane_ee_no_namechecks s_client(1) option

[openssl.git] / doc / apps / s_client.pod

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 029da4f539a3f55eec04f8008bb8e693da8b1874..11b4a9819585293d2f0c72c4612158f7bea5df33 100644 (file)
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME
@@ -25,6 +24,7 @@ B<openssl> B<s_client>
 [B<-no-CApath>]
 [B<-dane_tlsa_domain domain>]
 [B<-dane_tlsa_rrdata rrdata>]
+[B<-dane_ee_no_namechecks>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -226,6 +226,24 @@ whitespace is ignored in the associated data field.  For example:
   DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
   ...
 
+=item B<-dane_ee_no_namechecks>
+
+This disables server name checks when authenticating via DANE-EE(3) TLSA
+records.
+For some applications, primarily web browsers, it is not safe to disable name
+checks due to "unknown key share" attacks, in which a malicious server can
+convince a client that a connection to a victim server is instead a secure
+connection to the malicious server.
+The malicious server may then be able to violate cross-origin scripting
+restrictions.
+Thus, despite the text of RFC7671, name checks are by default enabled for
+DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
+to do so.
+In particular, SMTP and XMPP clients should set this option as SRV and MX
+records already make it possible for a remote domain to redirect client
+connections to any server of its choice, and in any case SMTP and XMPP clients
+do not execute scripts downloaded from remote servers.
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
@@ -328,7 +346,7 @@ and accepted from the server.
 =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
 
 These options make B<s_client> use DTLS protocols instead of TLS.
-With B<-dtls>, B<s_client> will negotiate any supported DTLS protcol version,
+With B<-dtls>, B<s_client> will negotiate any supported DTLS protocol version,
 whilst B<-dtls1> and B<-dtls1_2> will only support DTLS1.0 and DTLS1.2
 respectively.
 
@@ -356,7 +374,7 @@ L<SSL_CTX_set_split_send_fragment(3)> for further information.
 
 The maximum number of encrypt/decrypt pipelines to be used. This will only have
 an effect if an engine has been loaded that supports pipelining (e.g. the dasync
-engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
 See L<SSL_CTX_set_max_pipelines(3)> for further information.
 
 =item B<-read_buf int>
@@ -416,7 +434,7 @@ print out a hex dump of any TLS extensions received from the server.
 
 =item B<-no_ticket>
 
-disable RFC4507bis session ticket support. 
+disable RFC4507bis session ticket support.
 
 =item B<-sess_out filename>
 
@@ -444,7 +462,7 @@ all others.
 
 =item B<-serverinfo types>
 
-a list of comma-separated TLS Extension Types (numbers between 0 and 
+a list of comma-separated TLS Extension Types (numbers between 0 and
 65535).  Each type will be sent as an empty ClientHello TLS Extension.
 The server's response (if any) will be encoded and displayed as a PEM
 file.
@@ -550,8 +568,6 @@ L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)>
 
 The -no_alt_chains options was first added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.