X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman3%2FSSL_CONF_cmd.pod;h=a8121865a936784eb3938936aea2342027dd03e1;hp=18cc88f59b4c0180421d18ebc4144f22dc6aa7b7;hb=fe7a4d7c4c8148f732bc47ef7585f4aa41b7391a;hpb=c0b4ff16755c5ced1bde62dd34f9df0ab8967f12 diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 18cc88f59b..a8121865a9 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CONF_cmd_value_type, SSL_CONF_finish, +SSL_CONF_cmd_value_type, SSL_CONF_cmd - send configuration command =head1 SYNOPSIS @@ -11,7 +11,6 @@ SSL_CONF_cmd - send configuration command int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); - int SSL_CONF_finish(SSL_CONF_CTX *cctx); =head1 DESCRIPTION @@ -22,10 +21,6 @@ framework for command line options or configuration files. SSL_CONF_cmd_value_type() returns the type of value that B refers to. -The function SSL_CONF_finish() must be called after all configuration -operations have been completed. It is used to finalise any operations -or to process defaults. - =head1 SUPPORTED COMMAND LINE COMMANDS Currently supported B names for command lines (i.e. when the @@ -125,6 +120,11 @@ Attempts to pad TLS 1.3 records so that they are a multiple of B in length on send. A B of 0 or 1 turns off padding. Otherwise, the B must be >1 or <=16384. +=item B<-no_renegotiation> + +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +B. + =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. 
@@ -186,6 +186,11 @@ permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing B. Set by default. +=item B<-allow_no_dhe_kex> + +In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. + =item B<-strict> enables strict mode protocol handling. Equivalent to setting @@ -257,6 +262,11 @@ Attempts to pad TLS 1.3 records so that they are a multiple of B in length on send. A B of 0 or 1 turns off padding. Otherwise, the B must be >1 or <=16384. +=item B + +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +B. + =item B This sets the supported signature algorithms for TLS v1.2. For clients this @@ -394,6 +404,10 @@ B: use encrypt-then-mac extension, enabled by default. Inverse of B: that is, B<-EncryptThenMac> is the same as setting B. +B: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to B. + =item B The B argument is a comma separated list of flags to set. @@ -466,7 +480,7 @@ SSLv3 is B disabled and attempt to override this by the user are ignored. By checking the return code of SSL_CONF_cmd() it is possible to query if a -given B is recognised, this is useful is SSL_CONF_cmd() values are +given B is recognised, this is useful if SSL_CONF_cmd() values are mixed with additional application specific operations. For example an application might call SSL_CONF_cmd() and if it returns @@ -559,8 +573,6 @@ error occurred attempting to perform the operation: for example due to an error in the syntax of B in this case the error queue may provide additional information. -SSL_CONF_finish() returns 1 for success and 0 for failure. - =head1 SEE ALSO L,
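Review bot: the DESCRIPTION hunk at -22,10 deletes the only statement on this page that SSL_CONF_finish() "must be called after all configuration operations have been completed", and the NAME, SYNOPSIS and RETURN VALUES hunks (-2,7, -11,7, -559,8) remove every other mention, yet nothing in this diff shows where the requirement is documented now. A reader of this page alone no longer learns that a finish step exists or that it is what processes defaults. If the text moved to another manual page, keep a one-sentence pointer in DESCRIPTION and make sure that page is listed under SEE ALSO.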
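Review bot: in the -125,6 +120,11 hunk the new B<-no_renegotiation> item says it "Disables all attempts at renegotiation" but does not say what the peer observes when it asks for one, or whether the setting applies to both clients and servers. Please add a sentence describing the behaviour on a peer-initiated renegotiation request, and mirror it in the configuration file entry added at -257,6 +262,11, which repeats the same two lines.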
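Review bot: in the -186,6 +186,11 hunk the new B<-allow_no_dhe_kex> item has no "Equivalent to" sentence, while the item directly above it ends "Equivalent to setting or clearing" an option and the matching Options entry added at -394,6 does end with "Equivalent to". Add the same equivalence here so the command line and configuration file descriptions agree. The forward secrecy warning is the important part of this entry and is worth keeping verbatim in both places.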
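Review bot: in the -394,6 +404,10 hunk the new Options entry does not state its default, although the neighbouring entry in the same list reads "enabled by default. Inverse of". Because enabling this flag gives up forward secrecy for resumed sessions, the default should be spelled out explicitly so an administrator can tell whether a configuration that omits the flag is affected.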
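Review bot: in the -466,7 +480,7 hunk the "is" to "if" fix is correct, but the corrected line still joins two sentences with a comma ("is recognised, this is useful if"). While touching the line, consider "is recognised. This is useful if SSL_CONF_cmd() values are mixed with" so the sentence reads cleanly.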