Make the list of supported protocols more prominent

Manuals like httpd.conf(5) refer to this for valid protocol strings, but
elements inlined into sentences are hard find to spot.

Use a list as already done elsewhere in this manual.

OK jmc on earlier version
Feeback OK tb

1 files changed, 15 insertions, 5 deletions

diff --git a/src/lib/libtls/man/tls_config_set_protocols.3 b/src/lib/libtls/man/tls_config_set_protocols.3
index 0aed5b93cf..01f6369fe1 100644
--- a/src/lib/libtls/man/tls_config_set_protocols.3
+++ b/src/lib/libtls/man/tls_config_set_protocols.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_config_set_protocols.3,v 1.8 2020/01/22 06:46:34 beck Exp $
+.\" $OpenBSD: tls_config_set_protocols.3,v 1.9 2020/12/30 13:38:13 kn Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org>
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 22 2020 $
+.Dd $Mdocdate: December 30 2020 $
 .Dt TLS_CONFIG_SET_PROTOCOLS 3
 .Os
 .Sh NAME
@@ -99,9 +99,19 @@ This value can then be passed to the
 .Fn tls_config_set_protocols
 function.
 The protocol string is a comma or colon separated list of keywords.
-Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported
-protocols), default (an alias for secure), legacy (an alias for all) and
-secure (currently TLSv1.2 and TLSv1.3).
+Valid keywords are:
+.Pp
+.Bl -tag -width "tlsv1.3" -offset indent -compact
+.It Dv tlsv1.0
+.It Dv tlsv1.1
+.It Dv tlsv1.2
+.It Dv tlsv1.3
+.It Dv all Pq all supported protocols
+.It Dv default Pq an alias for secure
+.It Dv legacy Pq an alias for all
+.It Dv secure Pq currently TLSv1.2 and TLSv1.3
+.El
+.Pp
 If a value has a negative prefix (in the form of a leading exclamation mark)
 then it is removed from the list of available protocols, rather than being
 added to it.