tls(3): document support for TLSv1.1 and TLSv1.2
parent 9408c5faa1
commit 67acf2449f
1 changed files with 26 additions and 13 deletions
|
@ -1,6 +1,6 @@
|
||||||
.TH TLS 3
|
.TH TLS 3
|
||||||
.SH NAME
|
.SH NAME
|
||||||
tls \- TLS1 and SSL3 record layer
|
tls \- TLS and SSL3 record layer
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.nf
|
.nf
|
||||||
.B bind -a #a /net
|
.B bind -a #a /net
|
||||||
|
@ -17,7 +17,7 @@ tls \- TLS1 and SSL3 record layer
|
||||||
.fi
|
.fi
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
The TLS device implements the record layer protocols
|
The TLS device implements the record layer protocols
|
||||||
of Transport Layer Security version 1.0 and Secure Sockets Layer version 3.0.
|
of Transport Layer Security version 1.0-1.2 and Secure Sockets Layer version 3.0.
|
||||||
It does not implement the handshake protocols, which are responsible for
|
It does not implement the handshake protocols, which are responsible for
|
||||||
mutual authentication and key exchange.
|
mutual authentication and key exchange.
|
||||||
The
|
The
|
||||||
|
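Review bot: in the changed DESCRIPTION sentence, "Transport Layer Security version 1.0-1.2" keeps the singular "version" in front of a range and uses a bare "-", which troff sets as a hyphen. "versions 1.0 through 1.2" reads unambiguously and avoids the hyphen.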
@ -55,8 +55,11 @@ format records, but incoming messages of either version are accepted.
|
||||||
Valid versions are
|
Valid versions are
|
||||||
.B 0x300
|
.B 0x300
|
||||||
for SSLv3.0 and
|
for SSLv3.0 and
|
||||||
.B 0x301
|
.BR 0x301 ,
|
||||||
for TLSv1.0 (which could be known as SSLv3.01.)
|
.B 0x302
|
||||||
|
and
|
||||||
|
.B 0x303
|
||||||
|
for TLSv1.0 (which could be known as SSLv3.01), TLSv1.1 and TLSv1.2.
|
||||||
This command must be issued before any other command
|
This command must be issued before any other command
|
||||||
and before reading or writing any messages;
|
and before reading or writing any messages;
|
||||||
it may only be executed once.
|
it may only be executed once.
|
||||||
|
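Review bot: the rewritten list "0x301, 0x302 and 0x303 for TLSv1.0 (which could be known as SSLv3.01), TLSv1.1 and TLSv1.2" leaves the code-to-version pairing to word order, with the SSLv3.01 parenthetical sitting between the codes and the last two names. Pair each code with its version (0x301 for TLSv1.0, 0x302 for TLSv1.1, 0x303 for TLSv1.2) or at least add "respectively". The context line in the hunk header still reads "incoming messages of either version are accepted", which was written for two versions and should be checked against the four now listed.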
@ -118,7 +121,7 @@ command.
|
||||||
.BI alert \ alertno
|
.BI alert \ alertno
|
||||||
Send an alert message.
|
Send an alert message.
|
||||||
.I Alertno
|
.I Alertno
|
||||||
may be a valid alert code for either SSLv3.0 or TLSv1.0,
|
may be a valid alert code for either SSLv3.0 or TLS,
|
||||||
and is mapped to an appropriate code for the protocol in use.
|
and is mapped to an appropriate code for the protocol in use.
|
||||||
If it is a fatal alert, the filter is set into an error state.
|
If it is a fatal alert, the filter is set into an error state.
|
||||||
.PP
|
.PP
|
||||||
|
@ -257,16 +260,26 @@ will give the space-separated list of algorithms implemented.
|
||||||
This will always include
|
This will always include
|
||||||
.BR clear ,
|
.BR clear ,
|
||||||
meaning no encryption or digesting.
|
meaning no encryption or digesting.
|
||||||
Currently implemented encryption algorithms are
|
Currently implemented encryption algorithms for use with TLSv1.0 and TLSv1.1 are:
|
||||||
.B 'rc4_128',
|
.BR rc4_128 ,
|
||||||
.BR '3des_ede_cbc',
|
.BR 3des_ede_cbc ,
|
||||||
.BR 'aes_128_cbc',
|
.B aes_128_cbc
|
||||||
and
|
and
|
||||||
.BR 'aes_256_cbc'.
|
.BR aes_256_cbc .
|
||||||
Currently implemented hashing algorithms are
|
For TLSv1.2, which adds support for authenticated encryption with
|
||||||
.B 'md5'
|
associated data (AEAD), the following ciphers are supported:
|
||||||
|
.BR ccpoly64_aead ,
|
||||||
|
.BR ccpoly96_aead ,
|
||||||
|
.B aes_128_gcm_aead
|
||||||
and
|
and
|
||||||
.BR 'sha1' .
|
.BR aes_256_gcm_aead .
|
||||||
|
Currently implemented hashing algorithms are:
|
||||||
|
.BR md5 ,
|
||||||
|
.B sha1
|
||||||
|
and
|
||||||
|
.BR sha256 .
|
||||||
|
For an AEAD cipher, the hashing algorithm should be set to
|
||||||
|
.BR clear .
|
||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
.IR listen (8),
|
.IR listen (8),
|
||||||
.IR dial (2),
|
.IR dial (2),
|
||||||
|
|
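Review bot: the closing sentence, "For an AEAD cipher, the hashing algorithm should be set to clear", does not say what the device does when an AEAD cipher is paired with md5, sha1 or sha256. State whether that combination is rejected, and write "must" if it is. The cipher lists also scope rc4_128 and the CBC algorithms to "TLSv1.0 and TLSv1.1" without saying whether they remain usable with SSLv3.0 or with TLSv1.2, and sha256 is added to the hash list with no indication of which versions accept it.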