CVSROOT: /cvs Module name: ports Changes by: k...@cvs.openbsd.org 2021/06/24 09:26:09
Modified files: security/openssl/1.0.2: Makefile security/openssl/1.1: Makefile Log message: Enable s_client(1) and s_server(1) "-trace" option Changes between 1.0.1l and 1.0.2 [22 Jan 2015] ... *) SSL/TLS tracing code. This parses out SSL/TLS records using the message callback and prints the results. Needs compile time option "enable-ssl-trace". New options to s_client and s_server to enable tracing. [Steve Henson] It is especially handy when looking at TLS handshakes, e.g. to try figure out why nc(1)/libtls TLSv1.3 fails but openssl(1)/libssl doesn't. LibreSSL's openssl(1) has -msg Show all protocol messages with hex dump. but it is not as nearly insightful as OpenSSL's s_client(1) -trace Show verbose trace output of protocol messages. OpenSSL needs to be compiled with enable-ssl-trace for this option to work. Upstream enabled "ssl-trace" by default as of 10.06.2021, see commit 726f92e016bac53175ed5d5321bce1ddf6b207d6. Feedback sthen tb OK tb