diff options
| -rw-r--r-- | apps/s_client.c | 6 | ||||
| -rw-r--r-- | apps/s_server.c | 6 | ||||
| -rw-r--r-- | doc/man1/s_client.pod | 1 | ||||
| -rw-r--r-- | doc/man1/s_server.pod | 1 |
4 files changed, 14 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 8af3853e4b..ad0eaec562 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1424,6 +1424,12 @@ int s_client_main(int argc, char **argv) if (argc != 0) goto opthelp; +#ifndef OPENSSL_NO_NEXTPROTONEG + if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); + goto opthelp; + } +#endif if (proxystr != NULL) { int res; char *tmp_host = host, *tmp_port = port; diff --git a/apps/s_server.c b/apps/s_server.c index 26947c31f3..930ef6e4a8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1536,6 +1536,12 @@ int s_server_main(int argc, char *argv[]) argc = opt_num_rest(); argv = opt_rest(); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); + goto opthelp; + } +#endif #ifndef OPENSSL_NO_DTLS if (www && socket_type == SOCK_DGRAM) { BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n"); diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 9f6084d53e..57fa920eb8 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -564,6 +564,7 @@ for example "http/1.1" or "spdy/3". An empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after receiving ServerHello with a list of server supported protocols. +The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. =item B<-ct|noct> diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 6f22797695..5f6054ac83 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -609,6 +609,7 @@ The B<val> list is a comma-separated list of supported protocol names. The list should contain the most desirable protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". +The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. =item B<-engine val> |