Add -listen documentation

[openssl.git] / doc / apps / s_server.pod

diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 567df2cfef00aa32f3690d76f9692e0cb9d16554..3fd9a81562c27c28ba658f39e2d6b15ac11b9464 100644 (file)
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -67,6 +67,10 @@ B<openssl> B<s_server>
 [B<-no_tmp_rsa>]
 [B<-ssl3>]
 [B<-tls1>]
+[B<-dtls>]
+[B<-dtls1>]
+[B<-dtls1_2>]
+[B<-listen>]
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-no_dhe>]
@@ -283,6 +287,21 @@ these options disable the use of certain SSL or TLS protocols. By default
 the initial handshake uses a method which should be compatible with all
 servers and permit them to use SSL v3 or TLS as appropriate.
 
+=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
+
+these options make s_server use DTLS protocols instead of TLS. With B<-dtls>
+s_server will negotiate any supported DTLS protcol version, whilst B<-dtls1> and
+B<-dtls1_2> will only support DTLS1.0 and DTLS1.2 respectively.
+
+=item B<-listen>
+
+this option can only be used in conjunction with one of the DTLS options above.
+With this option s_server will listen on a UDP port for incoming connections.
+Any ClientHellos that arrive will be checked to see if they have a cookie in
+them or not. Any without a cookie will be responded to with a
+HelloVerifyRequest. If a ClientHello with a cookie is received then s_server
+will connect to that peer and complete the handshake.
+
 =item B<-bugs>
 
 there are several known bug in SSL and TLS implementations. Adding this