From 02afa553cc33400ead38ac85f8f7f2f3fe79f49d Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Fri, 28 May 2021 01:05:56 +0000 Subject: Server-side SNI, libtls version Implementation for bearssl coming soon. --- doc/s6-tlsd.html | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) (limited to 'doc/s6-tlsd.html') diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html index 6b0228f..c1c6a59 100644 --- a/doc/s6-tlsd.html +++ b/doc/s6-tlsd.html @@ -38,7 +38,7 @@ the options given when configuring s6-networking.

Interface

-     s6-tlsd [ -S | -s ] [ -Y | -y ] [ -Z | -z ] [ -v verbosity ] [ -K kimeout ] [ -- ] prog...
+     s6-tlsd [ -S | -s ] [ -Y | -y ] [ -Z | -z ] [ -v verbosity ] [ -K kimeout ] [ -k snilevel ] [ -- ] prog...
 
@@ -136,6 +148,19 @@ is not to require a client certificate at all. to send data for kimeout milliseconds during the handshake, close the connection. The default is 0, which means infinite timeout (never kill the connection). +
  • -k snilevel : support alternative +certificate chains for SNI. If snilevel is nonzero, private +key file names are read from every environment variable of the form +KEYFILE:x, where x is a server name that +the client may require, and a corresponding certificate chain for the name +x should exist in the file named after the contents of the +CERTFILE:x environment variable. If snilevel +is 2 or more, only those files are read, and the generic +KEYFILE and CERTFILE variables are ignored. +If snilevel is 0, or if the option is not given, which is the +default, KEYFILE and CERTFILE are the only private +key / certificate chain pair that are loaded, no other environment +variable is read for keypairs.
  • Notes

    -- cgit v1.3.1