@@ -11,28 +11,28 @@
package require Tcl 8.4
-package require tls @@VERS@@
-
-tls::init ?options?
-tls::socket ?options? host
-port
-tls::socket ?-server command? ?options? port
-tls::status ?-local? channel
-tls::handshake channel
-
-tls::import channel ?options?
-tls::unimport channel
-tls::ciphers
-protocol ?verbose?
+package require tls
+
+tls::init ?options?
+tls::socket ?options? host port
+tls::socket ?-server command? ?options? port
+tls::status ?-local? channel
+tls::connection channel
+tls::handshake channel
+tls::import channel ?options?
+tls::unimport channel
+
+tls::ciphers protocol ?verbose?
tls::version
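Review bot: Dropping the version from the package require line in the synopsis leaves the page with no statement of which release it documents, while the same synopsis gains tls::connection channel. A script that does a bare package require tls and then calls tls::connection may only find out at call time that the installed package is too old. Suggest keeping a substituted version on that line, or stating in the tls::connection entry the first release that provides the command.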
+ ++
- -autoservername bool
- Automatically send the -servername as the host argument - (default: false)
+ (default is false) +
++ ++
- -alpn list
+- List of protocols to offer during Application-Layer + Protocol Negotiation (ALPN). For example: h2, http/1.1, etc.
+- -cadir dir
+- Specify the directory containing the CA certificates. The + default directory is platform specific and can be set at + compile time. This can be overridden via the SSL_CERT_DIR + environment variable.
+- -cafile filename
+- Specify the certificate authority (CA) file to use.
+- -certfile filename
+- Specify the filename containing the certificate to use. The + default name is cert.pem. This can be overridden via + the SSL_CERT_FILE environment variable.
+- -cert filename
+- Specify the contents of a certificate to use, as a DER + encoded binary value (X.509 DER).
+- -cipher string
+- List of ciphers to use. See OpenSSL documentation for the full + list of valid values.
+- -command callback
+- Callback to invoke at several points during the handshake. + This is used to pass errors and tracing information, and + it can allow Tcl scripts to perform their own certificate + validation in place of the default validation provided by + OpenSSL. See CALLBACK OPTIONS + for further discussion.
+- -dhparams filename
+- Specify the Diffie-Hellman parameters file.
+- -keyfile filename
+- Specify the private key file. (default is + value of -certfile)
+- -key filename
+- Specify the private key to use as a DER encoded value (PKCS#1 DER)
+- -model channel
+- Force this channel to share the same SSL_CTX + structure as the specified channel, and + therefore share callbacks etc.
+- -password callback
+- Callback to invoke when OpenSSL needs to obtain a password, + typically to unlock the private key of a certificate. The + callback should return a string which represents the password + to be used. See CALLBACK OPTIONS + for further discussion.
+- -request bool
+- Request a certificate from peer during SSL handshake. + (default is true)
+- -require bool
+- Require a valid certificate from peer during SSL handshake. + If this is set to true, then -request must + also be set to true. (default is false)
+- -server bool
+- Handshake as server if true, else handshake as + client. (default is false)
+- -servername host
+- Specify server hostname. Only available if the OpenSSL library + the package is linked against supports the TLS hostname extension + for 'Server Name Indication' (SNI). Use to name the logical host + we are talking to and expecting a certificate for.
+- -ssl2 bool
+- Enable use of SSL v2. (default is false)
+- -ssl3 bool
+- Enable use of SSL v3. (default is false)
+- -tls1 bool
+- Enable use of TLS v1. (default is true)
+- -tls1.1 bool
+- Enable use of TLS v1.1 (default is true)
+- -tls1.2 bool
+- Enable use of TLS v1.2 (default is true)
+- -tls1.3 bool
+- Enable use of TLS v1.3 (default is true)
-
- issuer dn
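Review bot: The -cert and -key entries take an argument named filename, but their descriptions say the value is the certificate or key itself as a DER encoded binary value; sitting next to -certfile filename and -keyfile filename, this invites passing a path. Suggest renaming the placeholder (for example -cert data and -key data). Separately, -require is documented with default false while -request defaults to true, and the entry does not say what the handshake does when the peer certificate fails validation in that default configuration. One sentence stating that outcome, and that a client which must authenticate its server needs -require true together with -cafile or -cadir, would close the gap.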
- The distinguished name (DN) of the certificate @@ -154,123 +239,61 @@
- alpn protocol
- The protocol selected after Application-Layer Protocol Negotiation (ALPN).
- version value
- The protocol version used for the connection: - SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, unknown
+ SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, or unknown
--
- -alpn list
-- List of protocols to offer during Application-Layer - Protocol Negotiation (ALPN). For example: h2, http/1.1, etc.
-- -cadir dir
-- Provide the directory containing the CA certificates. The - default directory is platform specific and can be set at - compile time. This can be overridden via the SSL_CERT_DIR - environment variable.
-- -cafile filename
-- Provide the CA file.
-- -certfile filename
-- Provide the name of a file containing certificate to use. - The default name is cert.pem. This can be overridden via the - SSL_CERT_FILE environment variable.
-- -cert filename
-- Provide the contents of a certificate to use, as a DER encoded binary value (X.509 DER).
-- -cipher string
-- Provide the cipher suites to use. Syntax is as per - OpenSSL.
-- -command callback
-- If specified, this callback will be invoked at several points - during the OpenSSL handshake. It can pass errors and tracing - information, and it can allow Tcl scripts to perform - their own validation of the certificate in place of the - default validation provided by OpenSSL. -
-
- See CALLBACK OPTIONS for - further discussion.- -dhparams filename
-- Provide a Diffie-Hellman parameters file.
-- -keyfile filename
-- Provide the private key file. (default: - value of -certfile)
-- -key filename
-- Provide the private key to use as a DER encoded value (PKCS#1 DER)
-- -model channel
-- This will force this channel to share the same SSL_CTX - structure as the specified channel, and - therefore share callbacks etc.
-- -password callback
-- If supplied, this callback will be invoked when OpenSSL needs - to obtain a password, typically to unlock the private key of - a certificate. - The callback should return a string which represents the - password to be used. -
-
- See CALLBACK OPTIONS for - further discussion.- -request bool
-- Request a certificate from peer during SSL handshake. - (default: true)
-- -require bool
-- Require a valid certificate from peer during SSL - handshake. If this is set to true then -request - must also be set to true. (default: false)
-- -server bool
-- Handshake as server if true, else handshake as - client.(default: false)
-- -servername host
-- Only available if the OpenSSL library the package is linked - against supports the TLS hostname extension for 'Server Name - Indication' (SNI). Use to name the logical host we are talking - to and expecting a certificate for
-- -ssl2 bool
-- Enable use of SSL v2. (default: false)
-- -ssl3 bool
-- Enable use of SSL v3. (default: false)
-- -tls1 bool
-- Enable use of TLS v1. (default: true)
-- -tls1.1 bool
-- Enable use of TLS v1.1 (default: true)
-- -tls1.2 bool
-- Enable use of TLS v1.2 (default: true)
-- -tls1.3 bool
-- Enable use of TLS v1.3 (default: true)
+- state state
+- State of the connection: initializing, handshake, established
+- server name
+- The name of the connected to server.
+- protocol version
+- The protocol version used for the connection: + SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown
+- cipher cipher
+- The current cipher in use for the connection.
+- standard_name name
+- The standard RFC name of cipher.
+- bits n
+- The number of processed bits used for cipher.
+- secret_bits n
+- The number of secret bits used for cipher.
+- min_version version
+- The minimum protocol version for cipher.
+- description string
+- A text description of the cipher.
+- renegotiation state
+- Whether protocol renegotiation is allowed or disallowed.
+- alpn protocol
+- The protocol selected after Application-Layer Protocol + Negotiation (ALPN).
+- session_reused boolean
+- Whether the session has been reused or not.
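Review bot: The added protocol key lists its values as SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, while the version key kept as context above uses SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 for the same protocols. A script that enforces a minimum protocol would need two string tables to compare against; suggest one spelling for both keys, or a remark in each entry that the spellings differ. The min_version entry should also say which spelling it returns. Smaller wording points in the same list: the state values lack the "or" used in the neighbouring entries, "The name of the connected to server" should read "The name of the server connected to", and "processed bits" in the bits entry is not defined anywhere in the visible text.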