[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Wed Mar 29 08:28:36 UTC 2017 

The branch OpenSSL_1_0_2-stable has been updated
       via  8625e92a7669ff69b23bc5dffe5cbefe7792c5c0 (commit)
      from  62f488d31733e5dc77b339f905b44f165550e47d (commit)


- Log -----------------------------------------------------------------
commit 8625e92a7669ff69b23bc5dffe5cbefe7792c5c0
Author: Steven Collison <steven at raycoll.com>
Date:   Tue Mar 28 09:02:37 2017 -0700

    doc: Add missing options in s_{server,client}
    
    These were added to the help in ad775e04f6dab but not the pods.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3065)
    (cherry picked from commit 254b58fd7335fa3c58e2535d46658109ffd8bdcd)

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/s_client.pod | 15 +++++++++++++++
 doc/apps/s_server.pod | 14 ++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 29675dd..b45acbc 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -42,6 +42,8 @@ B<openssl> B<s_client>
 [B<-no_tls1_2>]
 [B<-fallback_scsv>]
 [B<-bugs>]
+[B<-sigalgs sigalglist>]
+[B<-curves curvelist>]
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-starttls protocol>]
@@ -217,6 +219,19 @@ Send TLS_FALLBACK_SCSV in the ClientHello.
 there are several known bug in SSL and TLS implementations. Adding this
 option enables various workarounds.
 
+=item B<-sigalgs sigalglist>
+
+Specifies the list of signature algorithms that are sent by the client.
+The server selects one entry in the list based on its preferences.
+For example strings, see L<SSL_CTX_set1_sigalgs(3)>
+
+=item B<-curves curvelist>
+
+Specifies the list of supported curves to be sent by the client. The curve is
+is ultimately selected by the server. For a list of all curves, use:
+
+    $ openssl ecparam -list_curves
+
 =item B<-cipher cipherlist>
 
 this allows the cipher list sent by the client to be modified. Although
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index fa17488..1fe93dd 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -35,6 +35,8 @@ B<openssl> B<s_server>
 [B<-CAfile filename>]
 [B<-no_alt_chains>]
 [B<-nocert>]
+[B<-client_sigalgs sigalglist>]
+[B<-named_curve curve>]
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-quiet>]
@@ -234,6 +236,18 @@ option enables various workarounds.
 this option enables a further workaround for some some early Netscape
 SSL code (?).
 
+=item B<-client_sigalgs sigalglist>
+
+Signature algorithms to support for client certificate authentication
+(colon-separated list)
+
+=item B<-named_curve curve>
+
+Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
+For a list of all possible curves, use:
+
+    $ openssl ecparam -list_curves
+
 =item B<-cipher cipherlist>
 
 this allows the cipher list used by the server to be modified.  When

More information about the openssl-commits mailing list