From nobody Sun Jun 05 01:13:49 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7C5371BD561C; Sun, 5 Jun 2022 01:13:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LFzCd2nfhz3Pdx; Sun, 5 Jun 2022 01:13:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654391629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gg3Row+bh86pL01o3xj9KLE/inh3K9qC+y5+Ts6VYx0=; b=AYymZ8rLT5c0Kcs4fsFPerJI/Yv6F+aXlRwlKkxbDnag1MbNZh60A+duJcbiRv3rCIpcPr TTLjJIcSPa4wmYFS7K5WG+IbmIZlxdTLQWCKzhjFtvzxdpzHgJsF5VyFRxZXvWEcTCpXz/ INuKzwnpcClLc5YOXHO8pLuFhMw7u3r82YwgjdvF+gZ1yCVD0IokWJpU6qRl/oHADhEZiR xsApN/R/mYSaAe1hjEl1D30PvNyxsVrw/77WkEiz75m2MoiEZXaNtPr7gfHPCxZE8A1vw1 acwKx1s6C1z5KGVs5YzymlMCdI7VfMpwzZy2IzaV9pjGuRxR0qKXGGd+O4V9qw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 35DD62F4; Sun, 5 Jun 2022 01:13:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2551DnwR064094; Sun, 5 Jun 2022 01:13:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2551DnO7064093; Sun, 5 Jun 2022 01:13:49 GMT (envelope-from git) Date: Sun, 5 Jun 2022 01:13:49 GMT Message-Id: <202206050113.2551DnO7064093@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 9af6cedd270a - stable/13 - rpc.tlsclntd: Add the -2 option to the man page List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 9af6cedd270a6bc4fc07ed7dfd4fe53c81f6d6fe Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654391629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gg3Row+bh86pL01o3xj9KLE/inh3K9qC+y5+Ts6VYx0=; b=l0Lp8swO0k+elHupKKMB28Zf59EqFJmFEkXblGOFqsTzXCVEJZ4keZlNAk/wWGb9Wu4LZp OBYPxqmoEJLmtzoXDhmFWGvWPh0kl7eOgypLhI3jiaFY/Znx5Ii5ibzjt3scfPSAguKFCZ i3+l2BrZM/LGDU2gQn0eR06xftEh4djg3irHlSIIA2EyiSuK7u7SN1wDvX7WhIdh4Z2fjI TXjfLAC3/buEwl7rrC5U6S0jtxYLLoUwvE+PLubeGRKXx1uyw2II+UTTNFgpcAX/pVj/86 ZfT/t3Fh1MobjR2+2gxKONRKoggzyrsgz4/tKZUsUxh91hPsuhTZ5Jg05UhJUQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654391629; a=rsa-sha256; cv=none; b=qsM525VVpk4OzqORxNMDgIdCqY66YuiJoAipOMHh8EI5P2m6j5MmMW7Uwz1an3DykLbBdh WTIhX9GFGT124AXsI+74b0lrX+SVXkBIc8C5Cz8/ryCKVltiT0x3DxgODBGS7iw/lyqcK/ aIgTOHH/5afy4qKw3WOgYXXL2ELrfwlHquTEVCPQ0k7KlqlzlNU2tdlSBkO8KywECHbTxZ klxlLrNGZ4fxrKIptVS9F3rR0IsL92VDKrcWsSUR4j9xb2weVYeQgdTrcoUh3+UcKH7heL MNuKKYwk8b8uflrW3cnKOXz1rTbs/0AK0LW/ilhrFX6P8N4OSmwDSixlXdKSOg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=9af6cedd270a6bc4fc07ed7dfd4fe53c81f6d6fe commit 9af6cedd270a6bc4fc07ed7dfd4fe53c81f6d6fe Author: Rick Macklem AuthorDate: 2022-05-22 21:20:14 +0000 Commit: Rick Macklem CommitDate: 2022-06-05 01:13:07 +0000 rpc.tlsclntd: Add the -2 option to the man page Since the KTLS now supports TLS1.3, the daemons default to version 1.3, since the draft (to be an RFC someday) requires TLS1.3. However, since FreeBSD 13,0, 13,1 uses TLS1.2 for NFS-over-TLS, the "-2" option is added to both daemons for compatibility with FreeBSD 13.0, 13.1. This patch updates the man pages for this. This is a content change. (cherry picked from commit 915fc1afe57e89898c4edb0b19911e2a5b27976d) --- usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 index fa33a09411ac..d8e2d1cd140b 100644 --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsclntd.8 by Rick Macklem. -.Dd May 18, 2022 +.Dd May 22, 2022 .Dt RPC.TLSCLNTD 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd "Sun RPC over TLS Client Daemon" .Sh SYNOPSIS .Nm +.Op Fl 2 .Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d @@ -92,6 +93,15 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent +.It Fl 2 , Fl Fl usetls1_2 +Specify the use of TLS version 1.2. +By default, the client will +use TLS version 1.3, as required by the RFC. +However, early +.Fx +.Pq 13.0 and 13.1 +servers require +this option, since they only support TLS version 1.2. .It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers Specify which ciphers are available during TLS handshake. If this option is specified,