1 files changed, 18 insertions, 8 deletions
diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1
index bb3a8f7cf5..e10d385a14 100644
--- a/src/usr.bin/nc/nc.1
+++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: nc.1,v 1.87 2017/07/15 18:11:47 jmc Exp $
+.\"     $OpenBSD: nc.1,v 1.88 2017/11/28 16:59:10 jsing Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 15 2017 $
+.Dd $Mdocdate: November 28 2017 $
 .Dt NC 1
 .Os
 .Sh NAME
@@ -233,10 +233,6 @@ Change IPv4 TOS value or TLS options.
 For TLS options
 .Ar keyword
 may be one of:
-.Ar tlsall ,
-which allows the use of all supported TLS protocols and ciphers;
-.Ar tlscompat ,
-which allows the use of all supported TLS protocols and "compat" ciphers;
 .Ar noverify ,
 which disables certificate verification;
 .Ar noname ,
@@ -246,6 +242,15 @@ which requires a client certificate on incoming connections; or
 .Ar muststaple ,
 which requires the peer to provide a valid stapled OCSP response
 with the handshake.
+The following TLS options specify a value in the form of a key=value pair:
+.Ar ciphers ,
+which allows the supported TLS ciphers to be specified (see
+.Xr tls_config_set_ciphers 3
+for further details);
+.Ar protocols ,
+which allows the supported TLS protocols to be specified (see
+.Xr tls_config_parse_protocols 3
+for further details).
 It is illegal to specify TLS options if not using TLS.
 .Pp
 For IPv4 TOS value
@@ -497,10 +502,15 @@ the source port, with a timeout of 5 seconds:
 .Pp
 .Dl $ nc -p 31337 -w 5 host.example.com 42
 .Pp
+Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
+any supported TLS protocol version and "compat" ciphers:
+.Pp
+.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
+.Pp
 Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation.
+Check for a different name in the certificate for validation:
 .Pp
-.Dl $  nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
+.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
 .Pp
 Open a UDP connection to port 53 of host.example.com:
 .Pp

diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1 index bb3a8f7cf5..e10d385a14 100644 --- a/src/usr.bin/nc/nc.1 +++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: nc.1,v 1.87 2017/07/15 18:11:47 jmc Exp $	1	.\" $OpenBSD: nc.1,v 1.88 2017/11/28 16:59:10 jsing Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 1996 David Sacerdote	3	.\" Copyright (c) 1996 David Sacerdote
4	.\" All rights reserved.	4	.\" All rights reserved.
@@ -25,7 +25,7 @@
25	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	25	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	26	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27	.\"	27	.\"
28	.Dd $Mdocdate: July 15 2017 $	28	.Dd $Mdocdate: November 28 2017 $
29	.Dt NC 1	29	.Dt NC 1
30	.Os	30	.Os
31	.Sh NAME	31	.Sh NAME
@@ -233,10 +233,6 @@ Change IPv4 TOS value or TLS options.
233	For TLS options	233	For TLS options
234	.Ar keyword	234	.Ar keyword
235	may be one of:	235	may be one of:
236	.Ar tlsall ,
237	which allows the use of all supported TLS protocols and ciphers;
238	.Ar tlscompat ,
239	which allows the use of all supported TLS protocols and "compat" ciphers;
240	.Ar noverify ,	236	.Ar noverify ,
241	which disables certificate verification;	237	which disables certificate verification;
242	.Ar noname ,	238	.Ar noname ,
@@ -246,6 +242,15 @@ which requires a client certificate on incoming connections; or
246	.Ar muststaple ,	242	.Ar muststaple ,
247	which requires the peer to provide a valid stapled OCSP response	243	which requires the peer to provide a valid stapled OCSP response
248	with the handshake.	244	with the handshake.
		245	The following TLS options specify a value in the form of a key=value pair:
		246	.Ar ciphers ,
		247	which allows the supported TLS ciphers to be specified (see
		248	.Xr tls_config_set_ciphers 3
		249	for further details);
		250	.Ar protocols ,
		251	which allows the supported TLS protocols to be specified (see
		252	.Xr tls_config_parse_protocols 3
		253	for further details).
249	It is illegal to specify TLS options if not using TLS.	254	It is illegal to specify TLS options if not using TLS.
250	.Pp	255	.Pp
251	For IPv4 TOS value	256	For IPv4 TOS value
@@ -497,10 +502,15 @@ the source port, with a timeout of 5 seconds:
497	.Pp	502	.Pp
498	.Dl $ nc -p 31337 -w 5 host.example.com 42	503	.Dl $ nc -p 31337 -w 5 host.example.com 42
499	.Pp	504	.Pp
		505	Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
		506	any supported TLS protocol version and "compat" ciphers:
		507	.Pp
		508	.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
		509	.Pp
500	Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.	510	Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
501	Check for a different name in the certificate for validation.	511	Check for a different name in the certificate for validation:
502	.Pp	512	.Pp
503	.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443	513	.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
504	.Pp	514	.Pp
505	Open a UDP connection to port 53 of host.example.com:	515	Open a UDP connection to port 53 of host.example.com:
506	.Pp	516	.Pp