projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add TLSv1.3 post-handshake authentication (PHA)
[openssl.git] / doc / man3 / SSL_CONF_cmd.pod
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 06b98bd4161f391a6529205c0157fdf443854b5c..27317e0652ac17f7e63d141ec036411591d5769f 100644 (file)
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -435,6 +435,18 @@ occurs if the client does not present a certificate. Servers only.
 B<Once> requests a certificate from a client only on the initial connection:
 not when renegotiating. Servers only.
 
+B<RequestPostHandshake> configures the connection to support requests but does
+not require a certificate from the client post-handshake. A certificate will
+not be requested during the initial handshake. The server application must
+provide a mechanism to request a certificate post-handshake. Servers only.
+TLSv1.3 only.
+
+B<RequiresPostHandshake> configures the connection to support requests and
+requires a certificate from the client post-handshake: an error occurs if the
+client does not present a certificate. A certificate will not be requested
+during the initial handshake. The server application must provide a mechanism
+to request a certificate post-handshake. Servers only. TLSv1.3 only.
+
 =item B<ClientCAFile>, B<ClientCAPath>
 
 A file or directory of certificates in PEM format whose names are used as the
Unnamed repository; edit this file 'description' to name the repository.