=item B<-allow_no_dhe_kex>
-In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
-that there will be no forward secrecy for the resumed session.
+In (D)TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This
+means that there will be no forward secrecy for the resumed session.
=item B<-prefer_no_dhe_kex>
=item B<-sigalgs> I<algs>
-This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
+This sets the supported signature algorithms for (D)TLSv1.2 and (D)TLSv1.3.
For clients this value is used directly for the supported signature
algorithms extension. For servers it is used to determine which signature
algorithms to support.
B<hash> is a supported algorithm OID short name such as B<SHA1>, B<SHA224>,
B<SHA256>, B<SHA384> or B<SHA512>.
B<signature_scheme> is one of the signature schemes defined
-in TLSv1.3, specified using the IETF name, e.g., B<ecdsa_secp256r1_sha256>,
+in (D)TLSv1.3, specified using the IETF name, e.g., B<ecdsa_secp256r1_sha256>,
B<ed25519>, or B<rsa_pss_pss_sha256>. Additional providers may make available
further algorithms via the TLS-SIGALG capability.
Signature scheme names and public key algorithm names (but not the hash names)
Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
using B<RSA> as the B<algorithm> or by using one of the B<rsa_pkcs1_*>
-identifiers) are ignored in TLSv1.3 and will not be negotiated.
+identifiers) are ignored in (D)TLSv1.3 and will not be negotiated.
=item B<-client_sigalgs> I<algs>
This sets the supported signature algorithms associated with client
-authentication for
TLSv1.2 and TLSv1.3. For servers the B<algs> is used
+authentication for
(D)TLSv1.2 and (D)TLSv1.3. For servers the B<algs> is used
in the B<signature_algorithms> field of a B<CertificateRequest> message.
For clients it is used to determine which signature algorithm to use with
the client certificate. If a server does not request a certificate this
This sets the supported groups. For clients, the groups are sent using
the supported groups extension. For servers, it is used to determine which
-group to use. This setting affects groups used for signatures (in TLSv1.2
+group to use. This setting affects groups used for signatures (in (D)TLSv1.2
and earlier) and key exchange.
In its simplest form the I<groups> argument is a colon separated list of
The list should be in order of preference with the most preferred group first.
The first group listed will also be used for the B<key_share> sent by a client
-in a TLSv1.3 B<ClientHello>.
+in a (D)TLSv1.3 B<ClientHello>.
-The commands below list the IANA names for TLS 1.2 and TLS 1.3,
+The commands below list the IANA names for (D)TLS 1.2 and (D)TLS 1.3,
respectively:
$ openssl list -tls1_2 -tls-groups
$ openssl list -tls1_3 -tls-groups
-The recommended groups (in order of decreasing performance) for TLS 1.3 are presently:
+The recommended groups (in order of decreasing performance) for (D)TLS 1.3 are presently:
B<x25519>,
B<secp256r1>,
An enriched alternative syntax, that enables clients to send multiple keyshares
and allows servers to prioritise some groups over others, is described in
L<SSL_CTX_set1_groups_list(3)>.
-Since TLS 1.2 has neither keyshares nor a hello retry mechanism, with TLS 1.2
+Since (D)TLS 1.2 has neither keyshares nor a hello retry mechanism, with (D)TLS 1.2
the enriched syntax is ultimately equivalent to just a simple ordered list of
groups, as with the simple form above.
=item B<-tx_cert_comp>
-Enables support for sending TLSv1.3 compressed certificates.
+Enables support for sending (D)TLSv1.3 compressed certificates.
=item B<-no_tx_cert_comp>
-Disables support for sending TLSv1.3 compressed certificates.
+Disables support for sending (D)TLSv1.3 compressed certificates.
=item B<-rx_cert_comp>
-Enables support for receiving TLSv1.3 compressed certificates.
+Enables support for receiving (D)TLSv1.3 compressed certificates.
=item B<-no_rx_cert_comp>
-Disables support for receiving TLSv1.3 compressed certificates.
+Disables support for receiving (D)TLSv1.3 compressed certificates.
=item B<-comp>
=item B<-cipher> I<ciphers>
-Sets the TLSv1.2 and below ciphersuite list to B<ciphers>. This list will be
-combined with any configured TLSv1.3 ciphersuites. Note: syntax checking
+Sets the (D)TLSv1.2 and below ciphersuite list to B<ciphers>. This list will be
+combined with any configured (D)TLSv1.3 ciphersuites. Note: syntax checking
of B<ciphers> is currently not performed unless a B<SSL> or B<SSL_CTX>
structure is associated with B<ctx>.
=item B<-ciphersuites> I<1.3ciphers>
-Sets the available ciphersuites for TLSv1.3 to value. This is a
-colon-separated list of TLSv1.3 ciphersuite names in order of preference. This
-list will be combined any configured TLSv1.2 and below ciphersuites.
+Sets the available ciphersuites for (D)TLSv1.3 to value. This is a
+colon-separated list of (D)TLSv1.3 ciphersuite names in order of preference.
+This list will be combined any configured (D)TLSv1.2 and below ciphersuites.
See L<openssl-ciphers(1)> for more information.
=item B<-min_protocol> I<minprot>, B<-max_protocol> I<maxprot>
Sets the minimum and maximum supported protocol.
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
-B<TLSv1.2>, B<TLSv1.3> for TLS; B<DTLSv1>, B<DTLSv1.2> for DTLS, and B<None>
-for no limit.
+B<TLSv1.2>, B<TLSv1.3> for TLS; B<DTLSv1>, B<DTLSv1.2>, B<DTLSv1.3> for DTLS,
+and B<None> for no limit.
If either the lower or upper bound is not specified then only the other bound
applies, if specified.
If your application supports both TLS and DTLS you can specify any of these
=item B<-record_padding> I<padding>
-Controls use of TLSv1.3 record layer padding. B<padding> is a string of the
+Controls use of
(D)TLSv1.3 record layer padding. B<padding> is a string of the
form "number[,number]" where the (required) first number is the padding block
size (in octets) for application data, and the optional second number is the
padding block size for handshake and alert messages. If the optional second
number is omitted, the same padding will be applied to all messages.
-Padding attempts to pad TLSv1.3 records so that they are a multiple of the set
+Padding attempts to pad (D)TLSv1.3 records so that they are a multiple of the set
length on send. A value of 0 or 1 turns off padding as relevant. Otherwise, the
values must be >1 or <=16384.
Switches replay protection, on or off respectively. With replay protection on,
OpenSSL will automatically detect if a session ticket has been used more than
-once, TLSv1.3 has been negotiated, and early data is enabled on the server. A
-full handshake is forced if a session ticket is used a second or subsequent
+once, (D)TLSv1.3 has been negotiated, and early data is enabled on the server.
+A full handshake is forced if a session ticket is used a second or subsequent
time. Anti-Replay is on by default unless overridden by a configuration file and
is only used by servers. Anti-replay measures are required for compliance with
-the TLSv1.3 specification. Some applications may be able to mitigate the replay
+the (D)TLSv1.3 specification. Some applications may be able to mitigate the replay
risks in other ways and in such cases the built-in OpenSSL functionality is not
required. Switching off anti-replay is equivalent to B<SSL_OP_NO_ANTI_REPLAY>.
=item B<CipherString>
-Sets the ciphersuite list for TLSv1.2 and below to B<value>. This list will be
-combined with any configured TLSv1.3 ciphersuites. Note: syntax
+Sets the ciphersuite list for (D)TLSv1.2 and below to B<value>. This list will
+be combined with any configured (D)TLSv1.3 ciphersuites. Note: syntax
checking of B<value> is currently not performed unless an B<SSL> or B<SSL_CTX>
structure is associated with B<ctx>.
=item B<Ciphersuites>
-Sets the available ciphersuites for TLSv1.3 to B<value>. This is a
-colon-separated list of TLSv1.3 ciphersuite names in order of preference. This
-list will be combined any configured TLSv1.2 and below ciphersuites.
+Sets the available ciphersuites for (D)TLSv1.3 to B<value>. This is a
+colon-separated list of (D)TLSv1.3 ciphersuite names in order of preference.
+This list will be combined any configured (D)TLSv1.2 and below ciphersuites.
See L<openssl-ciphers(1)> for more information.
=item B<Certificate>
This option indicates a file containing a set of certificates in PEM form.
The subject names of the certificates are sent to the peer in the
-B<certificate_authorities> extension for (D)TLS 1.3 (in ClientHello or
+B<certificate_authorities> extension for (D)TLSv1.3 (in ClientHello or
CertificateRequest) or in a certificate request for previous versions or
TLS.
=item B<RecordPadding>
-Controls use of TLSv1.3 record layer padding. B<value> is a string of the form
+Controls use of (D)TLSv1.3 record layer padding. B<value> is a string of the form
"number[,number]" where the (required) first number is the padding block size
(in octets) for application data, and the optional second number is the padding
block size for handshake and alert messages. If the optional second number is
omitted, the same padding will be applied to all messages.
-Padding attempts to pad TLSv1.3 records so that they are a multiple of the set
+Padding attempts to pad (D)TLSv1.3 records so that they are a multiple of the set
length on send. A value of 0 or 1 turns off padding as relevant. Otherwise, the
values must be >1 or <=16384.
=item B<SignatureAlgorithms>
-This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
+This sets the supported signature algorithms for (D)TLSv1.2 and (D)TLSv1.3.
For clients this
value is used directly for the supported signature algorithms extension. For
servers it is used to determine which signature algorithms to support.
B<algorithm> is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported
algorithm OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384>
or B<SHA512>.
-B<signature_scheme> is one of the signature schemes defined in TLSv1.3,
+B<signature_scheme> is one of the signature schemes defined in (D)TLSv1.3,
specified using the IANA name, e.g., B<ecdsa_secp256r1_sha256>, B<ed25519>,
or B<rsa_pss_pss_sha256>.
Signature scheme names and public key algorithm names (but not the hash names)
Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
using B<RSA> as the B<algorithm> or by using one of the B<rsa_pkcs1_*>
-identifiers) are ignored in TLSv1.3 and will not be negotiated.
+identifiers) are ignored in (D)TLSv1.3 and will not be negotiated.
=item B<ClientSignatureAlgorithms>
This sets the supported signature algorithms associated with client
-authentication for TLSv1.2 and TLSv1.3.
+authentication for (D)TLSv1.2 and (D)TLSv1.3.
For servers the value is used in the
B<signature_algorithms> field of a B<CertificateRequest> message.
For clients it is
This sets the supported groups. For clients, the groups are
sent using the supported groups extension. For servers, it is used
to determine which group to use. This setting affects groups used for
-signatures (in TLSv1.2 and earlier) and key exchange. The first group listed
-will also be used for the B<key_share> sent by a client in a TLSv1.3
+signatures (in (D)TLSv1.2 and earlier) and key exchange. The first group listed
+will also be used for the B<key_share> sent by a client in a (D)TLSv1.3
B<ClientHello>.
The B<groups> argument is a colon separated list of groups. The preferred
Group names are case-insensitive in OpenSSL 3.5 and later.
The list should be in order of preference with the most preferred group first.
-The commands below list the available groups for TLS 1.2 and TLS 1.3,
+The commands below list the available groups for (D)TLS 1.2 and (D)TLS 1.3,
respectively:
$ openssl list -tls1_2 -tls-groups
An enriched alternative syntax, that enables clients to send multiple keyshares
and allows servers to prioritise some groups over others, is described in
L<SSL_CTX_set1_groups_list(3)>.
-Since TLS 1.2 has neither keyshares nor a hello retry mechanism, with TLS 1.2
+Since (D)TLS 1.2 has neither keyshares nor a hello retry mechanism, with (D)TLS 1.2
the enriched syntax is ultimately equivalent to just a simple ordered list of
groups, as with the simple form above.
This sets the minimum supported SSL, TLS or DTLS version.
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
-B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
+B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1>, B<DTLSv1.2> and B<DTLSv1.3>.
The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
apply only to DTLS-based contexts.
The command can be repeated with one instance setting a TLS bound, and the
This sets the maximum supported SSL, TLS or DTLS version.
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
-B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
+B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1>, B<DTLSv1.2> and B<DTLSv1.3>.
The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
apply only to DTLS-based contexts.
The command can be repeated with one instance setting a TLS bound, and the
versions.
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
-B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
+B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1>, B<DTLSv1.2> and B<DTLSv1.3>.
The special value B<ALL> refers to all supported versions.
This can't enable protocols that are disabled using B<MinProtocol>
B<NoResumptionOnRenegotiation>: set
B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
-B<NoRenegotiation>: disables all attempts at renegotiation in TLSv1.2 and
+B<NoRenegotiation>: disables all attempts at renegotiation in (D)TLSv1.2 and
earlier, same as setting B<SSL_OP_NO_RENEGOTIATION>.
B<UnsafeLegacyRenegotiation>: permits the use of unsafe legacy renegotiation.
default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
-B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
+B<AllowNoDHEKEX>: In (D)TLSv1.3 allow a non-(ec)dhe based key exchange mode on
resumption. This means that there will be no forward secrecy for the resumed
session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
default. Equivalent to B<SSL_OP_ENABLE_MIDDLEBOX_COMPAT>.
B<AntiReplay>: If set then OpenSSL will automatically detect if a session ticket
-has been used more than once, TLSv1.3 has been negotiated, and early data is
+has been used more than once, (D)TLSv1.3 has been negotiated, and early data is
enabled on the server. A full handshake is forced if a session ticket is used a
second or subsequent time. This option is set by default and is only used by
-servers. Anti-replay measures are required to comply with the TLSv1.3
+servers. Anti-replay measures are required to comply with the (D)TLSv1.3
specification. Some applications may be able to mitigate the replay risks in
other ways and in such cases the built-in OpenSSL functionality is not required.
Disabling anti-replay is equivalent to setting B<SSL_OP_NO_ANTI_REPLAY>.
not require a certificate from the client post-handshake. A certificate will
not be requested during the initial handshake. The server application must
provide a mechanism to request a certificate post-handshake. Servers only.
-TLSv1.3 only.
+(D)TLSv1.3 only.
B<RequiresPostHandshake> configures the connection to support requests and
requires a certificate from the client post-handshake: an error occurs if the
client does not present a certificate. A certificate will not be requested
during the initial handshake. The server application must provide a mechanism
-to request a certificate post-handshake. Servers only. TLSv1.3 only.
+to request a certificate post-handshake. Servers only. (D)TLSv1.3 only.
=item B<ClientCAFile>, B<ClientCAPath>
projects / thirdparty / openssl.git / commitdiff
