author: Laurent Bercot <ska-skaware@skarnet.org> 2023-11-11 23:55:28 +0000
committer: Laurent Bercot <ska@appnovation.com> 2023-11-11 23:55:28 +0000
commit: 24d1860868682d33f60970119b1cff1bf088a497 (patch)
tree: cb88a880d6bcb921af076cc0a107ac705c9764f0 /doc
parent: 1e10d30b41b65dbd520e01adc5fe686cb92b0f12 (diff)
download: s6-networking-24d1860868682d33f60970119b1cff1bf088a497.tar.xz
New and fixed version of sbearssl_run
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat (limited to 'doc')
-rw-r--r-- doc/s6-tlsc-io.html 7
-rw-r--r-- doc/s6-tlsc.html 7
-rw-r--r-- doc/s6-tlsd-io.html 7
-rw-r--r-- doc/s6-tlsd.html 7
-rw-r--r-- doc/upgrade.html 2
5 files changed, 14 insertions, 16 deletions
diff --git a/doc/s6-tlsc-io.html b/doc/s6-tlsc-io.html
index b4bb154..f4a81a2 100644
--- a/doc/s6-tlsc-io.html
+++ b/doc/s6-tlsc-io.html
@@ -195,10 +195,9 @@ connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-k&nbsp;<em>servername</em></tt>&nbsp;: use Server Name
Indication, and send <em>servername</em>. The default is not to
use SNI, which may be a security risk. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
-to send data for <em>kimeout</em> milliseconds during the handshake,
-close the connection. The default is 0, which means infinite timeout
-(never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the handshake takes
+more than <em>kimeout</em> milliseconds to complete, close the connection.
+The default is 0, which means infinite timeout (never kill the connection). </li>
<li> <tt>-d&nbsp;<em>notif</em></tt>&nbsp;: handshake notification.
<em>notif</em> must be a file descriptor open for writing. When the
TLS handshake has completed, some data (terminated by two null
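Review bot: The new -K item says the handshake must "complete" within kimeout milliseconds but does not define where that interval starts or ends. The -d item directly below already describes a completion point (the handshake notification); consider stating whether the timer starts at program start or at the first handshake byte, and whether it stops at the same moment the -d notification is written.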
diff --git a/doc/s6-tlsc.html b/doc/s6-tlsc.html
index 95cc44f..1d11c5b 100644
--- a/doc/s6-tlsc.html
+++ b/doc/s6-tlsc.html
@@ -131,10 +131,9 @@ connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-k&nbsp;<em>servername</em></tt>&nbsp;: use Server Name
Indication, and send <em>servername</em>. The default is not to
use SNI, which may be a security risk. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
-to send data for <em>kimeout</em> milliseconds during the handshake,
-close the connection. The default is 0, which means infinite timeout
-(never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the handshake takes
+more than <em>kimeout</em> milliseconds to complete, close the connection.
+The default is 0, which means infinite timeout (never kill the connection). </li>
<li> <tt>-6&nbsp;<em>fdr</em></tt>&nbsp;: expect an open file
descriptor numbered <em>fdr</em> to read network (ciphertext)
data from. Make sure <em>prog</em> also reads its data
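Review bot: "close the connection" in the new -K item does not say what the caller observes when the timeout fires. Since this page also describes prog, consider adding whether prog is still run and which exit code is returned on a handshake timeout, so that supervision scripts can tell a timeout apart from other handshake failures.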
diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 600690c..0f3b922 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -218,10 +218,9 @@ The certificate is mandatory: if the client gives none, the handshake
fails.
The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
is not to request a client certificate at all. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
-to send data for <em>kimeout</em> milliseconds during the handshake,
-close the connection. The default is 0, which means infinite timeout
-(never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the handshake takes
+more than <em>kimeout</em> milliseconds to complete, close the connection.
+The default is 0, which means infinite timeout (never kill the connection). </li>
<li> <tt>-k&nbsp;<em>snilevel</em></tt>&nbsp;: support alternative
certificate chains for SNI. If <em>snilevel</em> is nonzero, private
key file names are read from every environment variable of the form
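Review bot: In the new -K item the default of 0 still lets a server wait forever for a client that never finishes the handshake, and the text gives no guidance on that. Now that the value bounds the whole handshake, consider adding a sentence recommending a nonzero kimeout for servers facing untrusted clients, or at least noting that the default leaves handshake duration unbounded.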
diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html
index 658c0b9..883777b 100644
--- a/doc/s6-tlsd.html
+++ b/doc/s6-tlsd.html
@@ -143,10 +143,9 @@ connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-y</tt>&nbsp;: Request a mandatory client certificate.
The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
is not to request a client certificate at all. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
-to send data for <em>kimeout</em> milliseconds during the handshake,
-close the connection. The default is 0, which means infinite timeout
-(never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the handshake takes
+more than <em>kimeout</em> milliseconds to complete, close the connection.
+The default is 0, which means infinite timeout (never kill the connection). </li>
<li> <tt>-k&nbsp;<em>snilevel</em></tt>&nbsp;: support alternative
certificate chains for SNI. If <em>snilevel</em> is nonzero, private
key file names are read from every environment variable of the form
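Review bot: The new -K item budgets the entire handshake, which on this page can include the client certificate exchange requested with -y or -Y, but the text does not mention it. Consider noting that kimeout has to be large enough to cover that exchange when a client certificate is requested, since the previous wording only limited the gap between two pieces of peer data.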
diff --git a/doc/upgrade.html b/doc/upgrade.html
index 292030e..8ae492b 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -28,6 +28,8 @@ side. This allows users to invoke it directly when it is relevant. </li>
<li> Consequently, <a href="s6-tlsc.html">s6-tlsc</a> and
<a href="s6-ucpistlsc.html">s6-ucspitlsc</a> have changed how they invoke
<a href="s6-tlsc-io.html">s6-tlsc-io</a>. </li>
+ <li> The <tt>-K</tt> option to TLS programs has slightly changed semantics:
+it now indicates a timeout for the whole handshake. </li>
</ul>
<h2> in 2.6.0.0 </h2>
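Review bot: "slightly changed semantics" in the added upgrade item understates the impact on existing setups: a -K value chosen as a limit on peer silence now caps the whole handshake and may cut off handshakes that previously succeeded. Consider stating the old meaning next to the new one and advising users to review their -K values when upgrading. Separately, the context line above links s6-ucspitlsc with href="s6-ucpistlsc.html", which looks like a typo in the file name.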