diff options
| author | Enji Cooper <ngie@FreeBSD.org> | 2025-05-07 21:18:24 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2025-05-07 22:37:22 +0000 |
| commit | 29536654cc41bf41b92dc836c47496dc6fe0b00c (patch) | |
| tree | 368a3c5b14e610bb5f6b71657f61a41e373eaf97 /doc/man7/openssl-env.pod | |
| parent | 1c34280346af8284acdc0eae39496811d37df25d (diff) | |
Diffstat (limited to 'doc/man7/openssl-env.pod')
| -rw-r--r-- | doc/man7/openssl-env.pod | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index c7dbd2277dc6..78043d5bd68a 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -167,24 +167,44 @@ See L<SSL_CTX_load_verify_locations(3)>. Additional arguments for the L<tsget(1)> command. -=item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap> +=item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap>, B<OPENSSL_riscvcap> OpenSSL supports a number of different algorithm implementations for various machines and, by default, it determines which to use based on the processor capabilities and run time feature enquiry. These environment variables can be used to exert more control over this selection process. -See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>. +See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>. =item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY> Specify a proxy hostname. See L<OSSL_HTTP_parse_url(3)>. +=item B<QLOGDIR> + +Specifies a QUIC qlog output directory. See L<openssl-qlog(7)>. + +=item B<OSSL_QFILTER> + +Used to set a QUIC qlog filter specification. See L<openssl-qlog(7)>. + +=item B<SSLKEYLOGFILE> + +Used to produce the standard format output file for SSL key logging. Optionally +set this variable to a filename to log all secrets produced by SSL connections. +Note, use of the environment variable is predicated on configuring OpenSSL at +build time with the enable-sslkeylog feature. The file format standard can be +found at L<https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/>. +Note: the use of B<SSLKEYLOGFILE> poses an explicit security risk. By recording +the exchanged keys during an SSL session, it allows any available party with +read access to the file to decrypt application traffic sent over that session. +Use of this feature should be restricted to test and debug environments only. + =back =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |