From 90ae2c13c1cc318568c65d6ad18409741cc54eae Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 23 Mar 2023 16:24:52 +0000 Subject: Add some documentation for the new QUIC mode in s_client Also mentions the new FIN command in s_client advance mode Reviewed-by: Hugo Landau Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/20580) --- CHANGES.md | 7 +++++++ doc/man1/openssl-s_client.pod.in | 11 +++++++++++ 2 files changed, 18 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 60ef9febd7..13816d2cd6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,13 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Added the "-quic" option to s_client to enable connectivity to QUIC servers. + QUIC requires the use of ALPN, so this must be specified via the "-alpn" + option. Use of the "advanced" s_client command command via the "-adv" option + is recommended. + + *Matt Caswell* + * Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]). The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index d05183737d..84cf6fdd81 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -20,6 +20,7 @@ B B [B<-unix> I] [B<-4>] [B<-6>] +[B<-quic>] [B<-servername> I] [B<-noservername>] [B<-verify> I] @@ -214,6 +215,11 @@ Use IPv4 only. Use IPv6 only. +=item B<-quic> + +Connect using the QUIC protocol. If specified then the B<-alpn> option must also +be provided. + =item B<-servername> I Set the TLS SNI (Server Name Indication) extension in the ClientHello message to @@ -940,6 +946,11 @@ to update its keys. The default is "req". Initiate a renegotiation with the server. (D)TLSv1.2 or below only. +=item B + +Indicate FIN on the current stream. QUIC only. Once FIN has been sent any +further text entered for this stream is ignored. + =back =head1 NOTES -- cgit v1.2.1