diff options
author | Matt Caswell <matt@openssl.org> | 2023-03-23 16:24:52 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-05-08 10:13:39 +0100 |
commit | 90ae2c13c1cc318568c65d6ad18409741cc54eae (patch) | |
tree | 781f7075696520ce85a659534e20980be10025fe | |
parent | c4f74e7fc90b02cbee59b46783222467b48491ff (diff) | |
download | openssl-new-90ae2c13c1cc318568c65d6ad18409741cc54eae.tar.gz |
Add some documentation for the new QUIC mode in s_client
Also mentions the new FIN command in s_client advance mode
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)
-rw-r--r-- | CHANGES.md | 7 | ||||
-rw-r--r-- | doc/man1/openssl-s_client.pod.in | 11 |
2 files changed, 18 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 60ef9febd7..13816d2cd6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,13 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Added the "-quic" option to s_client to enable connectivity to QUIC servers. + QUIC requires the use of ALPN, so this must be specified via the "-alpn" + option. Use of the "advanced" s_client command command via the "-adv" option + is recommended. + + *Matt Caswell* + * Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]). The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index d05183737d..84cf6fdd81 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -20,6 +20,7 @@ B<openssl> B<s_client> [B<-unix> I<path>] [B<-4>] [B<-6>] +[B<-quic>] [B<-servername> I<name>] [B<-noservername>] [B<-verify> I<depth>] @@ -214,6 +215,11 @@ Use IPv4 only. Use IPv6 only. +=item B<-quic> + +Connect using the QUIC protocol. If specified then the B<-alpn> option must also +be provided. + =item B<-servername> I<name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message to @@ -940,6 +946,11 @@ to update its keys. The default is "req". Initiate a renegotiation with the server. (D)TLSv1.2 or below only. +=item B<fin> + +Indicate FIN on the current stream. QUIC only. Once FIN has been sent any +further text entered for this stream is ignored. + =back =head1 NOTES |