document -nextprotoneg option in man pages

[openssl.git] / doc / apps / s_client.pod

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index e5fe26b19010d82055cb34e0145f16ea181abf00..8f64f49dd02d619d01c94abc47e2badf202b85e7 100644 (file)
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -76,8 +76,8 @@ B<openssl> B<s_client>
 [B<-sess_in filename>]
 [B<-rand file(s)>]
 [B<-serverinfo types>]
-[B<-auth>]
-[B<-auth_require_reneg>]
+[B<-status>]
+[B<-nextprotoneg protocols>]
 
 =head1 DESCRIPTION
 
@@ -329,14 +329,21 @@ a list of comma-separated TLS Extension Types (numbers between 0 and
 The server's response (if any) will be encoded and displayed as a PEM
 file.
 
-=item B<-auth>
+=item B<-status>
 
-send RFC 5878 client and server authorization extensions in the Client Hello as well as
-supplemental data if the server also sent the authorization extensions in the Server Hello.
+sends a certificate status request to the server (OCSP stapling). The server
+response (if any) is printed out.
 
-=item B<-auth_require_reneg>
+=item B<-nextprotoneg protocols>
 
-only send RFC 5878 client and server authorization extensions during renegotiation.
+enable Next Protocol Negotiation TLS extension and provide a list of
+comma-separated protocol names that the client should advertise
+support for. The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+Empty list of protocols is treated specially and will cause the client to
+advertise support for the TLS extension but disconnect just after
+reciving ServerHello with a list of server supported protocols.
 
 =back