Document default client -psk_identity

[openssl.git] / doc / man1 / s_server.pod

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index d2fbb849736c47d0e8a5f3fd78b0c06948d9ac27..db712f90e997a60f374a8ba4468963e8be30c51a 100644 (file)
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -86,6 +86,7 @@ B<openssl> B<s_server>
 [B<-sctp>]
 [B<-listen>]
 [B<-async>]
+[B<-max_send_frag>]
 [B<-split_send_frag>]
 [B<-max_pipelines>]
 [B<-read_buf>]
@@ -332,11 +333,18 @@ Inhibit printing of session and certificate information.
 
 Use the PSK identity hint B<hint> when using a PSK cipher suite.
 
+=item B<-psk_identity identity>
+
+Expect the client to send PSK identity B<identity> when using a PSK
+cipher suite, and warn if they do not.  By default, the expected PSK
+identity is the string "Client_identity".
+
 =item B<-psk key>
 
 Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
+This option must be provided in order to use a PSK cipher.
 
 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
@@ -376,6 +384,11 @@ asynchronously. This will only have an effect if an asynchronous capable engine
 is also used via the B<-engine> option. For test purposes the dummy async engine
 (dasync) can be used (if available).
 
+=item B<-max_send_frag int>
+
+The maximum size of data fragment to send.
+See L<SSL_CTX_set_max_send_fragment(3)> for further information.
+
 =item B<-split_send_frag int>
 
 The size used to split data for encrypt pipelines. If more data is written in
@@ -638,8 +651,9 @@ unknown cipher suites a client says it supports.
 
 =head1 SEE ALSO
 
-L<SSL_CONF_cmd(3)>,
-L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
+L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
+L<SSL_CTX_set_max_send_fragment(3)>, L<SSL_CTX_set_split_send_fragment(3)>
+L<SSL_CTX_set_max_pipelines(3)> 
 
 =head1 HISTORY