+The following sections may optionally be defined:
+
+* server2 - this section configures a secondary context that is selected via the
+ ServerName test option. This context is used whenever a ServerNameCallback is
+ specified. If the server2 section is not present, then the configuration
+ matches server.
+* resume_server - this section configures the client to resume its session
+ against a different server. This context is used whenever HandshakeMode is
+ Resume. If the resume_server section is not present, then the configuration
+ matches server.
+* resume_client - this section configures the client to resume its session with
+ a different configuration. In practice this may occur when, for example,
+ upgraded clients reuse sessions persisted on disk. This context is used
+ whenever HandshakeMode is Resume. If the resume_client section is not present,
+ then the configuration matches client.
+
+### Configuring callbacks and additional options
+
+Additional handshake settings can be configured in the `extra` section of each
+client and server:
+
+```
+client => {
+ "CipherString" => "DEFAULT",
+ extra => {
+ "ServerName" => "server2",
+ }
+}
+```
+
+#### Supported client-side options
+
+* ClientVerifyCallback - the client's custom certificate verify callback.
+ Used to test callback behaviour. One of
+ - None - no custom callback (default)
+ - AcceptAll - accepts all certificates.
+ - RejectAll - rejects all certificates.
+
+* ServerName - the server the client should attempt to connect to. One of
+ - None - do not use SNI (default)
+ - server1 - the initial context
+ - server2 - the secondary context
+ - invalid - an unknown context
+
+* CTValidation - Certificate Transparency validation strategy. One of
+ - None - no validation (default)
+ - Permissive - SSL_CT_VALIDATION_PERMISSIVE
+ - Strict - SSL_CT_VALIDATION_STRICT
+
+#### Supported server-side options
+
+* ServerNameCallback - the SNI switching callback to use
+ - None - no callback (default)
+ - IgnoreMismatch - continue the handshake on SNI mismatch
+ - RejectMismatch - abort the handshake on SNI mismatch
+
+* BrokenSessionTicket - a special test case where the session ticket callback
+ does not initialize crypto.
+ - No (default)
+ - Yes
+
+#### Mutually supported options
+
+* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
+ protocols can be specified as a comma-separated list, and a callback with the
+ recommended behaviour will be installed automatically.
+
+* SRPUser, SRPPassword - SRP settings. For client, this is the SRP user to
+ connect as; for server, this is a known SRP user.
+