Add some documentation for the new QUIC mode in s_client

Also mentions the new FIN command in s_client advance mode Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from #20580)
openssl · May 8, 2023 · 90ae2c1 · 90ae2c1
1 parent c4f74e7
commit 90ae2c1
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -25,6 +25,13 @@ OpenSSL 3.2
 
 ### Changes between 3.1 and 3.2 [xx XXX xxxx]
 
+ * Added the "-quic" option to s_client to enable connectivity to QUIC servers.
+   QUIC requires the use of ALPN, so this must be specified via the "-alpn"
+   option. Use of the "advanced" s_client command command via the "-adv" option
+   is recommended.
+
+   *Matt Caswell*
+
  * Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
@@ -20,6 +20,7 @@ B<openssl> B<s_client>
 [B<-unix> I<path>]
 [B<-4>]
 [B<-6>]
+[B<-quic>]
 [B<-servername> I<name>]
 [B<-noservername>]
 [B<-verify> I<depth>]
@@ -214,6 +215,11 @@ Use IPv4 only.
 
 Use IPv6 only.
 
+=item B<-quic>
+
+Connect using the QUIC protocol. If specified then the B<-alpn> option must also
+be provided.
+
 =item B<-servername> I<name>
 
 Set the TLS SNI (Server Name Indication) extension in the ClientHello message to
@@ -940,6 +946,11 @@ to update its keys. The default is "req".
 
 Initiate a renegotiation with the server. (D)TLSv1.2 or below only.
 
+=item B<fin>
+
+Indicate FIN on the current stream. QUIC only. Once FIN has been sent any
+further text entered for this stream is ignored.
+
 =back
 
 =head1 NOTES