Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL

[openssl.git] / doc / man3 / SSL_CTX_new.pod

diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index 29387d343f1d3d86675dddee0b20713a31323ee3..371827d87b9d417bf1c6ff7f2a7e7408cd43d7c3 100644 (file)
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -92,7 +92,7 @@ B<method> can be of the following types:
 These are the general-purpose I<version-flexible> SSL/TLS methods.
 The actual protocol version used will be negotiated to the highest version
 mutually supported by the client and the server.
-The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
+The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
 Applications should use these methods, and avoid the version-specific
 methods described below.
 
@@ -150,18 +150,19 @@ Use the I<version-flexible> methods instead of the version specific methods.
 If you want to limit the supported protocols for the version flexible
 methods you can use L<SSL_CTX_set_min_proto_version(3)>,
 L<SSL_set_min_proto_version(3)>, L<SSL_CTX_set_max_proto_version(3)> and
-LSSL_set_max_proto_version(3)> functions.
+L<SSL_set_max_proto_version(3)> functions.
 Using these functions it is possible to choose e.g. TLS_server_method()
 and be able to negotiate with all possible clients, but to only
-allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2.
+allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3.
 
 The list of protocols available can also be limited using the
-B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and
-B<SSL_OP_NO_TLSv1_2> options of the L<SSL_CTX_set_options(3)> or
-L<SSL_set_options(3)> functions, but this approach is not recommended.
-Clients should avoid creating "holes" in the set of protocols they support.
-When disabling a protocol, make sure that you also disable either all previous
-or all subsequent protocol versions.
+B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>,
+B<SSL_OP_NO_TLSv1_3>, B<SSL_OP_NO_TLSv1_2> and B<SSL_OP_NO_TLSv1_3>
+options of the
+L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions, but this approach
+is not recommended. Clients should avoid creating "holes" in the set of
+protocols they support. When disabling a protocol, make sure that you also
+disable either all previous or all subsequent protocol versions.
 In clients, when a protocol version is disabled without disabling I<all>
 previous protocol versions, the effect is to also disable all subsequent
 protocol versions.
@@ -204,13 +205,13 @@ All version-specific methods were deprecated in OpenSSL 1.1.0.
 =head1 SEE ALSO
 
 L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
-L<SSL_CTX_set_min_proto_version(3)>, L<ssl(3)>, L<SSL_set_connect_state(3)>
+L<SSL_CTX_set_min_proto_version(3)>, L<ssl(7)>, L<SSL_set_connect_state(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.