Update the documentation for the new SSL_OP_ALLOW_NO_DHE_KEX option

Also the associated configuration parameters and command line switches.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)

diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 94356daffb7d95cddf3f0e0d9afec7e55f836333..c262d4a4963e1ce204f9ffceca07e4003f78b6ae 100644 (file)
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -93,6 +93,7 @@ B<openssl> B<s_client>
 [B<-bugs>]
 [B<-comp>]
 [B<-no_comp>]
 [B<-bugs>]
 [B<-comp>]
 [B<-no_comp>]

+[B<-allow_no_dhe_kex>]

 [B<-sigalgs sigalglist>]
 [B<-curves curvelist>]
 [B<-cipher cipherlist>]
 [B<-sigalgs sigalglist>]
 [B<-curves curvelist>]
 [B<-cipher cipherlist>]

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 5f6054ac83d8d7779d3248387ca231537024051a..b1195fdae33623aefe70aaea137f02ac26f05f0b 100644 (file)
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -102,6 +102,7 @@ B<openssl> B<s_server>
 [B<-legacy_server_connect>]
 [B<-no_resumption_on_reneg>]
 [B<-no_legacy_server_connect>]
 [B<-legacy_server_connect>]
 [B<-no_resumption_on_reneg>]
 [B<-no_legacy_server_connect>]

+[B<-allow_no_dhe_kex>]

 [B<-strict>]
 [B<-sigalgs val>]
 [B<-client_sigalgs val>]
 [B<-strict>]
 [B<-sigalgs val>]
 [B<-client_sigalgs val>]

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 173386c1bd430fa3fac2984b3153107ea6e59f75..529acdc356c870f867a7cd1c6e657a60accce169 100644 (file)
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -186,6 +186,11 @@ permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
 clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>.
 Set by default.
 
 clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>.
 Set by default.
 

+=item B<-allow_no_dhe_kex>
+
+In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
+that there will be no forward secrecy for the resumed session.
+

 =item B<-strict>
 
 enables strict mode protocol handling. Equivalent to setting
 =item B<-strict>
 
 enables strict mode protocol handling. Equivalent to setting


@@ -399,6 +404,10 @@ B<EncryptThenMac>: use encrypt-then-mac extension, enabled by
 default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
 B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
 
 default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
 B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
 

+B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
+resumption. This means that there will be no forward secrecy for the resumed
+session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
+

 =item B<VerifyMode>
 
 The B<value> argument is a comma separated list of flags to set.
 =item B<VerifyMode>
 
 The B<value> argument is a comma separated list of flags to set.

diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
index 5155a1f6792019a7d4d6a12f6148d2fe5a9e87d6..bd7f111d4cf7187c4dc795326a19a921cb77a709 100644 (file)
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -175,6 +175,11 @@ propose, and servers will not accept the extension.
 Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
 messages, and ignore renegotiation requests via ClientHello.
 
 Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
 messages, and ignore renegotiation requests via ClientHello.
 

+=item SSL_OP_ALLOW_NO_DHE_KEX
+
+In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
+that there will be no forward secrecy for the resumed session.
+

 =back
 
 The following options no longer have any effect but their identifiers are
 =back
 
 The following options no longer have any effect but their identifiers are