git: 0bf3f379e18f - main - rpc.tlsclntd: Update the man page for the -C option

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Sun, 22 May 2022 21:00:16 UTC
The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=0bf3f379e18f5f01af77a23163222165321a5502

commit 0bf3f379e18f5f01af77a23163222165321a5502
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-05-22 20:58:59 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-05-22 20:58:59 +0000

    rpc.tlsclntd: Update the man page for the -C option
    
    Commit f5b40aa0dea6 modifies the -C command line option
    for rpc.tlsclntd to use the TLS 1.3 SSL_CTX_set_ciphersuites().
    
    This patch updates the man page for this modified command
    line option.
    
    This is a content change.
    
    Reviewed by:    jhb, pauamma_gundo.com (same change for rpc.tlsservd.8)
    MFC after:      2 weeks
---
 usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8
index 23a9d05495c1..fa33a09411ac 100644
--- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8
+++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8
@@ -26,7 +26,7 @@
 .\" $FreeBSD$
 .\"
 .\" Modified from gssd.8 for rpc.tlsclntd.8 by Rick Macklem.
-.Dd February 17, 2021
+.Dd May 18, 2022
 .Dt RPC.TLSCLNTD 8
 .Os
 .Sh NAME
@@ -34,7 +34,7 @@
 .Nd "Sun RPC over TLS Client Daemon"
 .Sh SYNOPSIS
 .Nm
-.Op Fl C Ar preferred_ciphers
+.Op Fl C Ar available_ciphers
 .Op Fl D Ar certdir
 .Op Fl d
 .Op Fl l Ar CAfile
@@ -92,15 +92,24 @@ option has been specified.
 .Pp
 The options are as follows:
 .Bl -tag -width indent
-.It Fl C Ar preferred_ciphers , Fl Fl ciphers= Ns Ar preferred_ciphers
-Specify what preferred ciphers are to be used.
+.It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers
+Specify which ciphers are available during TLS handshake.
 If this option is specified,
-.Dq SSL_CTX_set_cipher_list()
+.Dq SSL_CTX_set_ciphersuites()
 will be called with
-.Dq preferred_ciphers
+.Dq available_ciphers
 as the argument.
 If this option is not specified, the cipher will be chosen by
-.Xr ssl 7 .
+.Xr ssl 7 ,
+which should be adequate for most cases.
+The format for the available ciphers is a simple
+.So
+:
+.Sc
+separated list, in order of preference.
+The command
+.Dq openssl ciphers -s -tls1_3
+lists available ciphers.
 .It Fl D Ar certdir , Fl Fl certdir= Ns Ar certdir
 Use
 .Dq certdir