doc: Add missing options in s_{server,client}

[openssl.git] / doc / man1 / s_server.pod

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 337dc2c9f9b1d02c92aea276d1c6cf1a5f6305e1..6fe16f3d866f11efaf82bbd4471db6fe711cfb23 100644 (file)
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -61,6 +61,7 @@ B<openssl> B<s_server>
 [B<-no_alt_chains>]
 [B<-use_deltas>]
 [B<-auth_level num>]
+[B<-nameopt option>]
 [B<-verify_depth num>]
 [B<-verify_return_error>]
 [B<-verify_email email>]
@@ -69,6 +70,8 @@ B<openssl> B<s_server>
 [B<-verify_name name>]
 [B<-x509_strict>]
 [B<-nocert>]
+[B<-client_sigalgs sigalglist>]
+[B<-named_curve curve>]
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-quiet>]
@@ -112,6 +115,8 @@ B<openssl> B<s_server>
 [B<-status_file file>]
 [B<-alpn protocols>]
 [B<-nextprotoneg protocols>]
+[B<-max_early_data>]
+[B<-early_data>]
 
 =head1 DESCRIPTION
 
@@ -261,6 +266,13 @@ must supply a certificate or an error occurs.
 If the ciphersuite cannot request a client certificate (for example an
 anonymous ciphersuite or PSK) this option has no effect.
 
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)> manual page for details.
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
@@ -403,6 +415,18 @@ OpenSSL 1.1.0.
 Provide a brief summary of connection parameters instead of the normal verbose
 output.
 
+=item B<-client_sigalgs sigalglist>
+
+Signature algorithms to support for client certificate authentication
+(colon-separated list)
+
+=item B<-named_curve curve>
+
+Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
+For a list of all possible curves, use:
+
+    $ openssl ecparam -list_curves
+
 =item B<-cipher cipherlist>
 
 This allows the cipher list used by the server to be modified.  When
@@ -519,6 +543,22 @@ The list should contain most wanted protocols first.
 Protocol names are printable ASCII strings, for example "http/1.1" or
 "spdy/3".
 
+=item B<-keylogfile path>
+
+Appends TLS secrets to the specified keylog file such that external programs
+(like Wireshark) can decrypt TLS connections.
+
+=item B<-max_early_data arg>
+
+Change the default maximum early data bytes that are specified for new sessions
+and any incoming early data (when used in conjunction with the B<-early_data>
+flag). The default value is approximately 16k. The argument must be an integer
+greater than or equal to 0.
+
+=item B<-early_data>
+
+Accept early data where possible.
+
 =back
 
 =head1 CONNECTED COMMANDS
@@ -557,11 +597,6 @@ cause the client to disconnect due to a protocol violation.
 
 print out some session cache status information.
 
-=item B<-keylogfile path>
-
-Appends TLS secrets to the specified keylog file such that external programs
-(like Wireshark) can decrypt TLS connections.
-
 =back
 
 =head1 NOTES