summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/selfserv/selfserv.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/cmd/selfserv/selfserv.c')
-rw-r--r--security/nss/cmd/selfserv/selfserv.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index f34af7d74..65b1ee304 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -159,7 +159,7 @@ static void
PrintUsageHeader(const char *progName)
{
fprintf(stderr,
- "Usage: %s -n rsa_nickname -p port [-BDENRbjlmrsuvx] [-w password]\n"
+ "Usage: %s -n rsa_nickname -p port [-BDENRZbjlmrsuvx] [-w password]\n"
" [-t threads] [-i pid_file] [-c ciphers] [-Y] [-d dbdir] [-g numblocks]\n"
" [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
" [-V [min-version]:[max-version]] [-a sni_name]\n"
@@ -169,7 +169,8 @@ PrintUsageHeader(const char *progName)
" [-e ec_nickname]"
#endif /* NSS_DISABLE_ECC */
"\n"
- " -U [0|1] -H [0|1|2] -W [0|1]\n",
+ " -U [0|1] -H [0|1|2] -W [0|1]\n"
+ "\n",
progName);
}
@@ -219,7 +220,7 @@ PrintParameterUsage()
"-A <ca> Nickname of a CA used to sign a stapled cert status\n"
"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
"-H override default DHE server support, 0: disable, 1: enable, "
- " 2: require DH named groups\n"
+ " 2: require DH named groups [RFC7919]\n"
"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
"-c Restrict ciphers\n"
"-Y prints cipher values allowed for parameter -c and exits\n"
@@ -227,7 +228,8 @@ PrintParameterUsage()
"-Q enables ALPN for HTTP/1.1 [RFC7301]\n"
"-I comma separated list of enabled groups for TLS key exchange.\n"
" The following values are valid:\n"
- " P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n",
+ " P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n"
+ "-Z enable 0-RTT (for TLS 1.3; also use -u)\n",
stderr);
}
@@ -2305,7 +2307,9 @@ main(int argc, char **argv)
if (SECU_ParseSSLVersionRangeString(optstate->value,
enabledVersions, &enabledVersions) !=
SECSuccess) {
+ fprintf(stderr, "Bad version specified.\n");
Usage(progName);
+ exit(1);
}
break;