rpc.tlsservd: Add the -2 option to the man page

Since the KTLS now supports TLS1.3, the daemons default to version 1.3, since the draft (to be an RFC someday) requires TLS1.3. However, since FreeBSD 13,0, 13,1 uses TLS1.2 for NFS-over-TLS, the "-2" option is added to both daemons for compatibility with FreeBSD 13.0, 13.1. This patch updates the man pages for this. This is a content change. Reviewed by: pauamma_gundo.com MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D35290
2024-10-15 04:43:53 +00:00 · 2022-05-22 14:17:06 -07:00 · 2022-05-22 14:17:06 -07:00 · e2c72fecfc
parent 0bf3f379e1
commit e2c72fecfc
1 changed files with 11 additions and 1 deletions
--- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.8
+++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.8
@ -26,7 +26,7 @@
 .\" $FreeBSD$
 .\"
 .\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem.
-.Dd May 17, 2022
+.Dd May 22, 2022
 .Dt RPC.TLSSERVD 8
 .Os
 .Sh NAME
@ -34,6 +34,7 @@
 .Nd "Sun RPC over TLS Server Daemon"
 .Sh SYNOPSIS
 .Nm
+.Op Fl 2
 .Op Fl C Ar available_ciphers
 .Op Fl D Ar certdir
 .Op Fl d
@ -141,6 +142,15 @@ option has been specified.
 .Pp
 The options are as follows:
 .Bl -tag -width indent
+.It Fl 2 , Fl Fl allowtls1_2
+Permit clients to mount using TLS version 1.2.
+By default, the daemon will only allow mounts
+using TLS version 1.3, as required by the RFC.
+However, early
+.Fx
+.Pq 13.0 and 13.1
+clients require
+this option, since they use TLS version 1.2.
 .It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers
 Specify which ciphers are available during TLS handshake.
 If this option is specified,