From nobody Sun May 22 21:21:22 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 9935A1B389A5; Sun, 22 May 2022 21:21:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L5tgQ3x0tz4Y9B; Sun, 22 May 2022 21:21:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653254482; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GnOhafrMecq2oT/PYBIObz//5ISejjrGuKRdoBt5q2g=; b=ZGDp40P+Ffe/QxlUDMq7sljtNIgc3wtgBQSM8LSXAEExar3bGJ0z+GlI/8Umz8Ku4N3Yg/ Gs3pxyBZlH2zmeDX1UoXxRdr+U8dKUjNHMnKAXdP3SNRi5Wni5T9o7olHTaKmiop1rWzLp E1tHzX0ealPYxiYCC49u8q5YI4oyazk4PxWEcngrMkudQbCw55HPplRqvCsEm+5/Hv7Tdm dP/SlRENGrGOPH5/InbbF9SS5RN/h7hTROq97bqSP8+cWjgIDHfVeouUOVLmxK/KtJNniJ Ki6vqvgq6cM8Kk7JQTeBlKyhM3VlDUNg2RO5vRDQim4q0tL5JmVE7wmGpYhDZQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6757A22F8C; Sun, 22 May 2022 21:21:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24MLLMiE086001; Sun, 22 May 2022 21:21:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24MLLMVS086000; Sun, 22 May 2022 21:21:22 GMT (envelope-from git) Date: Sun, 22 May 2022 21:21:22 GMT Message-Id: <202205222121.24MLLMVS086000@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: 915fc1afe57e - main - rpc.tlsclntd: Add the -2 option to the man page List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 915fc1afe57e89898c4edb0b19911e2a5b27976d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653254482; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GnOhafrMecq2oT/PYBIObz//5ISejjrGuKRdoBt5q2g=; b=U50rz14bUTT/EdApFQ71LEVj9V7vfW0E1d++l947P8nyItRSSa71pSmnbdvwlHerFpwuKw b4XEVT0zRstxIaTEex4L0pQV30ECDzffXGioPeqVdyu+qs2iqBlYzA7IC6N7GYYhAeu4yL Z88CVqAkzLgwrpGOYu3VdJ7RdOJ9wawK7i6d3RP7gnrjDYxooZLlEOcfDZkx9UUg+v+0I3 UNsE9xHJntH8DOuYQhsxHzjDtG0S0rnegXm12hY4iTvoczVHdEpNRHgn0lr+8WhR3+MuW1 Y4xmUCwn9kZ8fRNuIs01OLlU3QFS9hDD0dpg/P8bD1BTGzRPoZIwx+IH/0x0jw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1653254482; a=rsa-sha256; cv=none; b=xjr5r9Of50PIMObv7E3gPvvdO/J7et2QTzU1OUIzb8VGLKOqCbUGteO9O8m+mtDsBsNbT4 nPUy8og4vuAfMZVstpk9oTqOuDQtvDTfKfTyHiRvZbJT7DI9tYXYyyLcYI36/j2pCia0vs EyFrMCfmyMYS2u80S0P32e2Jsf1l4YfQRi7++aMJV7nn+2/7OWXPDSiE/JO4cYIYo0TkKp 9pj9gfBCUKpqBPPs03Cl0JdoHjVi14WnTRx+WOo1C9mJ242qnjQQwfwe86NyvrsMRRbktW ZCHyjvC9RCGIiiLtn4fRRD/rqluALSKIqJ1IT8g3RNdQJpb/ModTfPVWpHXu2A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=915fc1afe57e89898c4edb0b19911e2a5b27976d commit 915fc1afe57e89898c4edb0b19911e2a5b27976d Author: Rick Macklem AuthorDate: 2022-05-22 21:20:14 +0000 Commit: Rick Macklem CommitDate: 2022-05-22 21:20:14 +0000 rpc.tlsclntd: Add the -2 option to the man page Since the KTLS now supports TLS1.3, the daemons default to version 1.3, since the draft (to be an RFC someday) requires TLS1.3. However, since FreeBSD 13,0, 13,1 uses TLS1.2 for NFS-over-TLS, the "-2" option is added to both daemons for compatibility with FreeBSD 13.0, 13.1. This patch updates the man pages for this. This is a content change. Reviewed by: pauamma_gundo.com MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D35290 --- usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 index fa33a09411ac..d8e2d1cd140b 100644 --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.8 @@ -26,7 +26,7 @@ .\" $FreeBSD$ .\" .\" Modified from gssd.8 for rpc.tlsclntd.8 by Rick Macklem. -.Dd May 18, 2022 +.Dd May 22, 2022 .Dt RPC.TLSCLNTD 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd "Sun RPC over TLS Client Daemon" .Sh SYNOPSIS .Nm +.Op Fl 2 .Op Fl C Ar available_ciphers .Op Fl D Ar certdir .Op Fl d @@ -92,6 +93,15 @@ option has been specified. .Pp The options are as follows: .Bl -tag -width indent +.It Fl 2 , Fl Fl usetls1_2 +Specify the use of TLS version 1.2. +By default, the client will +use TLS version 1.3, as required by the RFC. +However, early +.Fx +.Pq 13.0 and 13.1 +servers require +this option, since they only support TLS version 1.2. .It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers Specify which ciphers are available during TLS handshake. If this option is specified,