Change Post Handshake auth so that it is opt-in

Having post handshake auth automatically switched on breaks some applications written for TLSv1.2. This changes things so that an explicit function call is required for a client to indicate support for post-handshake auth. Fixes #6933. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
author: Matt Caswell <matt@openssl.org> 2018-08-13 15:23:27 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-20 15:14:01 +0100
commit: 32097b33bdff520d149ad6c8a11bd344e4ef764b (patch)
tree: c46929e459ee7c2688765c56afbf329f38a6edda /doc/man1/s_client.pod
parent: 756510c102885005c2fc31eb01e3a6b95f8ed985 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 80152e1ba4..fa5cb0a92d 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -134,7 +134,7 @@ B<openssl> B<s_client>
 [B<-ctlogfile>]
 [B<-keylogfile file>]
 [B<-early_data file>]
-[B<-force_pha>]
+[B<-enable_pha>]
 [B<target>]
 
 =head1 DESCRIPTION
@@ -700,10 +700,10 @@ Reads the contents of the specified file and attempts to send it as early data
 to the server. This will only work with resumed sessions that support early
 data and when the server accepts the early data.
 
-=item B<-force_pha>
+=item B<-enable_pha>
 
-For TLSv1.3 only, always send the Post-Handshake Authentication extension,
-whether or not a certificate has been provided via B<-cert>.
+For TLSv1.3 only, send the Post-Handshake Authentication extension. This will
+happen whether or not a certificate has been provided via B<-cert>.
 
 =item B<[target]>
author	Matt Caswell <matt@openssl.org>	2018-08-13 15:23:27 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-20 15:14:01 +0100
commit	32097b33bdff520d149ad6c8a11bd344e4ef764b (patch)
tree	c46929e459ee7c2688765c56afbf329f38a6edda /doc/man1/s_client.pod
parent	756510c102885005c2fc31eb01e3a6b95f8ed985 (diff)