From 8b3efb53027dd4f7d51b7ca9dd9658f02d6f1b1a Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Sat, 12 Oct 2019 17:45:56 -0400
Subject: Update the SSL/TLS connection options

Refactor common flags for SSL/TLS connection options.
Update SSL_CONF_cmd.pod to match ordering.
Rewrite much of the documentation.

Fixes #10160

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10191)
---
 doc/man1/openssl-s_server.pod.in | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

(limited to 'doc/man1/openssl-s_server.pod.in')

diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 78119281db..b31d4f6a2c 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -41,6 +41,7 @@ B<openssl> B<s_server>
 [B<-no_resume_ephemeral>]
 [B<-www>]
 [B<-WWW>]
+[B<-http_server_binmode>]
 [B<-servername>]
 [B<-servername_fatal>]
 [B<-cert2> I<infile>]
@@ -88,7 +89,6 @@ B<openssl> B<s_server>
 [B<-no_comp>]
 [B<-comp>]
 [B<-no_ticket>]
-[B<-num_tickets>]
 [B<-serverpref>]
 [B<-legacy_renegotiation>]
 [B<-no_renegotiation>]
@@ -125,16 +125,17 @@ B<openssl> B<s_server>
 [B<-use_srtp> I<val>]
 [B<-alpn> I<val>]
 [B<-keylogfile> I<outfile>]
-[B<-max_early_data> I<int>]
 [B<-recv_max_early_data> I<int>]
+[B<-max_early_data> I<int>]
 [B<-early_data>]
 [B<-stateless>]
 [B<-anti_replay>]
 [B<-no_anti_replay>]
-[B<-http_server_binmode>]
+[B<-num_tickets>]
 {- $OpenSSL::safe::opt_name_synopsis -}
 {- $OpenSSL::safe::opt_version_synopsis -}
 {- $OpenSSL::safe::opt_v_synopsis -}
+{- $OpenSSL::safe::opt_s_synopsis -}
 {- $OpenSSL::safe::opt_x_synopsis -}
 {- $OpenSSL::safe::opt_trust_synopsis -}
 {- $OpenSSL::safe::opt_r_synopsis -}
@@ -371,6 +372,11 @@ In addition, the special URL C</stats> will return status
 information like the B<-www> option.
 Neither of these options can be used in conjunction with B<-early_data>.
 
+=item B<-http_server_binmode>
+
+When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
+by the client in binary mode.
+
 =item B<-id_prefix> I<val>
 
 Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
@@ -641,15 +647,12 @@ has been negotiated, and early data is enabled on the server. A full handshake
 is forced if a session ticket is used a second or subsequent time. Any early
 data that was sent will be rejected.
 
-=item B<-http_server_binmode>
-
-When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
-by the client in binary mode.
-
 {- $OpenSSL::safe::opt_name_item -}
 
 {- $OpenSSL::safe::opt_version_item -}
 
+{- $OpenSSL::safe::opt_s_item -}
+
 {- $OpenSSL::safe::opt_x_item -}
 
 {- $OpenSSL::safe::opt_trust_item -}
-- 
cgit v1.2.3