Overview
Comment: Added more notes to doc file.
SHA3-256: 369965b608426682bb5d6bd76ba3fc35
User & Date: bohagan on 2024-06-23 00:51:49
Context
2024-06-23
01:39 | Undo change in OpenSSL 1.1.1 which enabled SSL_MODE_AUTO_RETRY. This will avoid hangs in blocking mode after a non-app record is received, but an app record is not yet available. Also enabled SSL_MODE_ENABLE_PARTIAL_WRITE, which allows writes with fewer than all records written to be successful. check-in: 991ab74cdd user: bohagan tags: tls-1.8
00:51 | Added more notes to doc file. check-in: 369965b608 user: bohagan tags: tls-1.8
2024-06-20
01:01 | Added support for setting the certificate store check-in: 1cabc3b8f2 user: bohagan tags: tls-1.8
Changes
Modified doc/tls.html
from [6b223dd015]
to [4577570d14].
︙ | ︙ | |||
184 185 186 187 188 189 190 | is set to true, then <strong>-request</strong> must also be set to true and a either a -cadir, -cafile, or platform default must be provided in order to validate against. (default is <em>false</em>)</dd> <dt><strong>-security_level</strong> <em>integer</em></dt> <dd>Specifies the security level (value from 0 to 5). The security level affects the cipher suite encryption algorithms, supported ECC curves, supported signature algorithms, DH parameter sizes, certificate key | | | | | > | > | > > | > > | 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 | is set to true, then <strong>-request</strong> must also be set to true and a either a -cadir, -cafile, or platform default must be provided in order to validate against. (default is <em>false</em>)</dd> <dt><strong>-security_level</strong> <em>integer</em></dt> <dd>Specifies the security level (value from 0 to 5). The security level affects the cipher suite encryption algorithms, supported ECC curves, supported signature algorithms, DH parameter sizes, certificate key sizes and signature algorithms. The default is 1 prior to OpenSSL 3.2 and 2 thereafter. Level 3 and higher disable support for session tickets and only accept cipher suites that provide forward secrecy.</dd> <dt><strong>-server</strong> <em>bool</em></dt> <dd>Specifies whether to act as a server and respond with a server handshake when a client connects and provides a client handshake. (default is <em>false</em>)</dd> <dt><strong>-servername</strong> <em>host</em></dt> <dd>Specify server's hostname. This is used to set the TLS Server Name Indication (SNI) extension. 
Set this to the expected servername in the server's certificate or one of the subjectAltName alternates.</dd> <dt><strong>-session_id</strong> <em>string</em></dt> <dd>Specifies the session id to resume session.</dd> <dt><strong>-ssl2</strong> <em>bool</em></dt> <dd>Enable use of SSL v2. (default is <em>false</em>). Note: Recent versions of OpenSSL don't support SSLv2.</dd> <dt><strong>-ssl3 </strong><em>bool</em></dt> <dd>Enable use of SSL v3. (default is <em>false</em>). Note: SSL v3 must also be enabled with a compile time option.</dd> <dt>-<strong>tls1</strong> <em>bool</em></dt> <dd>Enable use of TLS v1. (default is <em>true</em>). Note: TLS 1.0 needs SHA1 to operate, which is only available in security level 0 for Open SSL 3.0+.</dd> <dt>-<strong>tls1.1</strong> <em>bool</em></dt> <dd>Enable use of TLS v1.1 (default is <em>true</em>). Note: TLS 1.1 needs SHA1 to operate, which is only available in security level 0 for Open SSL 3.0+.</dd> <dt>-<strong>tls1.2</strong> <em>bool</em></dt> <dd>Enable use of TLS v1.2 (default is <em>true</em>)</dd> <dt>-<strong>tls1.3</strong> <em>bool</em></dt> <dd>Enable use of TLS v1.3 (default is <em>true</em>)</dd> <dt><strong>-validatecommand</strong> <em>callback</em></dt> <dd>Specifies the callback command to invoke to validate protocol config parameters during the protocol negotiation phase. This can be |
︙ | ︙ |
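Review bot: In the -tls1 and -tls1.1 entries, the note that TLS 1.0/1.1 "needs SHA1 to operate, which is only available in security level 0" sits beside "(default is true)", while the -security_level entry in the same hunk gives the default level as 1 or 2, so the text never states what a caller gets with every option left at its default on OpenSSL 3.0+. If the intended meaning is that these protocols are enabled but cannot be negotiated unless -security_level 0 is also set, say so in both entries and cross-reference -security_level, so nobody reads "default is true" as "works out of the box" or lowers the security level without knowing that is what the option costs. Two smaller points: "Open SSL 3.0+" should be "OpenSSL 3.0+" to match the spelling in the -security_level entry, and the -ssl2 note ("Recent versions of OpenSSL don't support SSLv2") would be more useful with the version boundary named, as the -security_level text does with 3.2.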