From 4b08eaf5c71af0175765fa9bfc10b4e694e105e9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 10 Jan 2000 00:11:51 +0000 Subject: [PATCH] Update docs. --- doc/man/s_server.pod | 50 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/doc/man/s_server.pod b/doc/man/s_server.pod index 277fd2f259..5b6a20221d 100644 --- a/doc/man/s_server.pod +++ b/doc/man/s_server.pod @@ -36,6 +36,7 @@ B B [B<-no_tls1>] [B<-no_dhe>] [B<-bugs>] +[B<-hack>] [B<-www>] [B<-WWW>] @@ -159,6 +160,11 @@ servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. there are several known bug in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-hack> + +this option enables a further workaround for some some early Netscape +SSL code (?). + =item B<-cipher cipherlist> this allows the cipher list sent by the client to be modified. See the @@ -182,10 +188,40 @@ requested the file ./page.html will be loaded. =head1 CONNECTED COMMANDS If a connection request is established with an SSL client and neither the -B<-www> nor the B<-WWW> option has been used then any data received from -the server is displayed and any key presses will be sent to the server. If -the line begins with an B then the session will be renegotiated. If the -line begins with a B the connection will be closed down. +B<-www> nor the B<-WWW> option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. + +Certain single letter commands are also recognised which perform special +operations: these are listed below. + +=over 4 + +=item B + +end the current SSL connection but still accept new connections. + +=item B + +end the current SSL connection and exit. + +=item B + +renegotiate the SSL session. + +=item B + +renegotiate the SSL session and request a client certificate. + +=item B

+ +send some plain text down the underlying TCP connection: this should +cause the client to disconnect due to a protocol violation. + +=item B + +print out some session cache status information. + +=back =head1 NOTES @@ -201,8 +237,8 @@ suites, so they cannot connect to servers which don't use a certificate carrying an RSA key or a version of OpenSSL with RSA disabled. Although specifying an empty list of CAs when requesting a client certificate -is strictly speaking a protocol violation, some SSL clients assume any CA is -acceptable. This is useful for debugging purposes. +is strictly speaking a protocol violation, some SSL clients interpret this to +mean any CA is acceptable. This is useful for debugging purposes. The session parameters can printed out using the B program. @@ -214,7 +250,7 @@ hard to read and not a model of how things should be done. A typical SSL server program would be much simpler. The output of common ciphers is wrong: it just gives the list of ciphers that -OpenSSL recognises and the client supports. +OpenSSL recognizes and the client supports. There should be a way for the B program to print out details of any unknown cipher suites a client says it supports. -- GitLab
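Review bot: The new -hack item in the second hunk documents the option with a guess: "some some early Netscape SSL code (?)" has a doubled word and ends in "(?)", so a reader cannot tell what the workaround changes or when enabling it is appropriate. Suggest stating what this option does beyond the workarounds already enabled by -bugs, or saying plainly that the behaviour is not yet documented, and dropping the duplicate "some".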
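Review bot: The rewritten CONNECTED COMMANDS paragraph drops the condition the removed lines stated ("If the line begins with ..."). The new text says key presses are sent to the client and that "certain single letter commands are also recognised", but not when input is treated as a command rather than as data. Suggest restating that a command is only recognised at the start of a line. The item that sends plain text "down the underlying TCP connection" could also say explicitly that this data bypasses the SSL layer and exists to test how a client handles a protocol violation.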
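Review bot: Spelling is inconsistent across the patch: the last hunk changes "recognises" to "recognizes" in the sentence about common ciphers, while the CONNECTED COMMANDS hunk adds "recognised". Suggest picking one spelling for the file and using it in both places.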