If either of the
If a SIGHUP signal is sent to the daemon it will reload the
"CRLfile"
and will shut down any extant connections that presented certificates
during TLS handshake that have been revoked.
If the
The daemon will log failed certificate verifications via
syslogd(8)
using LOG_INFO | LOG_DAEMON when the
The options are as follows:
| |
Specify the use of TLS version 1.2. By default, the client will use TLS version 1.3, as required by the RFC. However, early FreeBSD (13.0 and 13.1) servers require this option, since they only support TLS version 1.2. | |
| |
Specify which ciphers are available during TLS handshake. If this option is specified, "SSL_CTX_set_ciphersuites()" will be called with "available_ciphers" as the argument. If this option is not specified, the cipher will be chosen by ssl(7), which should be adequate for most cases. The format for the available ciphers is a simple ':' separated list, in order of preference. The command "openssl ciphers -s -tls1_3" lists available ciphers. | |
| |
Use
"certdir"
instead of /etc/rpc.tlsclntd for the
| |
| |
Run in debug mode. In this mode, rpc.tlsclntd will not fork when it starts. | |
| |
This specifies the path name of a CAfile which holds the information for server certificate verification. This path name is used in "SSL_CTX_load_verify_locations(ctx,CAfile,NULL)" and "SSL_CTX_set0_CA_list(ctx,SSL_load_client_CA_file(CAfile))" openssl library calls. Note that this is a path name for the file and is not assumed to be in "certdir". | |
| |
Enable support for mutual authentication.
A certificate and associated key must be found in /etc/rpc.tlsclntd
(or the directory specified by the
| |
| |
This option is similar to the
| |
| |
This option specifies a Certificate Revocation List (CRL) file
that is to be loaded into the verify certificate store and
checked during verification of the server's certificate.
This option is meaningless unless either the
| |
| |
Run in verbose mode.
In this mode,
rpc.tlsclntd
will log activity messages to syslog using LOG_INFO | LOG_DAEMON or to
stderr, if the
| |
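The "available_ciphers" argument described above can be checked before it is handed to the daemon. The following is an added example, not part of the original manual page or of rpc.tlsclntd; the function name is hypothetical, and the set of accepted names is assumed to be the five RFC 8446 suites as OpenSSL spells them.

```python
# Added example: pre-flight check of an "available_ciphers" string.
# Assumption: valid names are the five RFC 8446 TLS 1.3 suites in OpenSSL
# spelling. The output of `openssl ciphers -s -tls1_3` on the target host
# is authoritative; this table only catches obvious mistakes offline.
TLS13_SUITES = frozenset({
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
})


def check_available_ciphers(value):
    """Return (suites in preference order, list of problems found)."""
    suites, problems = [], []
    for pos, raw in enumerate(value.split(":"), start=1):
        name = raw.strip()
        if not name:
            problems.append(f"entry {pos}: empty (stray ':')")
        elif name not in TLS13_SUITES:
            # Typical cause: a TLS 1.2 cipher name pasted into a TLS 1.3 list.
            problems.append(f"entry {pos}: {name!r} is not a TLS 1.3 ciphersuite name")
        elif name in suites:
            problems.append(f"entry {pos}: {name!r} listed twice")
        else:
            suites.append(name)
    return suites, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    samples = [
        "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256",
        "TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384::TLS_AES_256_GCM_SHA384",
    ]
    for sample in samples:
        order, issues = check_available_ciphers(sample)
        print(sample)
        print("  preference order:", order)
        for issue in issues:
            print("  problem:", issue)
```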
RFC 9289, Towards Remote Procedure Call Encryption By Default,
RPC.TLSCLNTD (8) | September 23, 2022 |