Commit 35d15a39 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add -listen documentation 



This commit adds documentation for the new -listen option to s_server. Along
the way it also adds documentation for -dtls, -dtls1 and -dtls1_2 which was
missing.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent fd4e98ec

doc/apps/s_server.pod

+19 −0
Original line number Diff line number Diff line
@@ -67,6 +67,10 @@ B<openssl> B<s_server> 
[B<-no_tmp_rsa>]

[B<-ssl3>]

[B<-tls1>]

[B<-dtls>]

[B<-dtls1>]

[B<-dtls1_2>]

[B<-listen>]

[B<-no_ssl3>]

[B<-no_tls1>]

[B<-no_dhe>]
@@ -283,6 +287,21 @@ these options disable the use of certain SSL or TLS protocols. By default 
the initial handshake uses a method which should be compatible with all

servers and permit them to use SSL v3 or TLS as appropriate.



=item B<-dtls>, B<-dtls1>, B<-dtls1_2>



these options make s_server use DTLS protocols instead of TLS. With B<-dtls>

s_server will negotiate any supported DTLS protcol version, whilst B<-dtls1> and

B<-dtls1_2> will only support DTLS1.0 and DTLS1.2 respectively.



=item B<-listen>



this option can only be used in conjunction with one of the DTLS options above.

With this option s_server will listen on a UDP port for incoming connections.

Any ClientHellos that arrive will be checked to see if they have a cookie in

them or not. Any without a cookie will be responded to with a

HelloVerifyRequest. If a ClientHello with a cookie is received then s_server

will connect to that peer and complete the handshake.



=item B<-bugs>



there are several known bug in SSL and TLS implementations. Adding this