X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman1%2Fs_server.pod;h=f601794372e4ef8fd8b34abdb1c7d2ba87e5928f;hp=2b7db637b16ff256299cb9304ff06a153e20f90d;hb=3bb5e5b09e32defefda2b61087c113203005ffa0;hpb=7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 2b7db637b1..f601794372 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -180,6 +180,8 @@ B<openssl> B<s_server>
 [B<-keylogfile outfile>]
 [B<-max_early_data int>]
 [B<-early_data>]
+[B<-anti_replay>]
+[B<-no_anti_replay>]
 
 =head1 DESCRIPTION
 
@@ -709,6 +711,15 @@ greater than or equal to 0.
 
 Accept early data where possible.
 
+=item B<-anti_replay>, B<-no_anti_replay>
+
+Switches replay protection on or off, respectively. Replay protection is on by
+default unless overridden by a configuration file. When it is on, OpenSSL will
+automatically detect if a session ticket has been used more than once, TLSv1.3
+has been negotiated, and early data is enabled on the server. A full handshake
+is forced if a session ticket is used a second or subsequent time. Any early
+data that was sent will be rejected.
+
 =back
 
 =head1 CONNECTED COMMANDS