Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 15.0-CURRENT FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.1-STABLE FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.4-STABLE FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 13.0 unstable Debian 12.7.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 15.0 macOS 14.3.1 macOS 13.6.5 macOS 12.7.3 macOS 10.13.6 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

RPC.TLSSERVD(8)		    System Manager's Manual	       RPC.TLSSERVD(8)

NAME
       rpc.tlsservd -- Sun RPC over TLS	Server Daemon

SYNOPSIS
       rpc.tlsservd   [-2]  [-C	 available_ciphers]  [-D  certdir]  [-d]  [-h]
		    [-l	CAfile]	[-m] [-N num_servers] [-n domain] [-p  CApath]
		    [-r	CRLfile] [-u] [-v] [-W]	[-w]

DESCRIPTION
       The  rpc.tlsservd  program  provides support for	the server side	of the
       kernel Sun RPC over TLS implementation.	This daemon must be running to
       allow the kernel	RPC to perform the TLS handshake after	a  TCP	client
       has  sent the STARTTLS Null RPC request to the server.  This daemon re-
       quires that the kernel be built with "options KERNEL_TLS" and  be  run-
       ning on an architecture such as "amd64" that supports a direct map (not
       i386)  with  ktls(4)  enabled.	Note  that  the	 -tls  option  in  the
       exports(5) file specifies that the client must use RPC over  TLS.   The
       -tlscert	 option	 in the	exports(5) file	specifies that the client must
       provide a certificate that verifies.  The -tlscertuser  option  in  the
       exports(5)  file	 specifies  that the client must provide a certificate
       that verifies and has a otherName:1.3.6.1.4.1.2238.1.1.1;UTF8: field of
       subjectAltName of the form "user@domain"	where "domain" matches the one
       for this	server and "user" is a valid user name that maps  to  a	 <uid,
       gid_list>.   For	 the  latter two cases,	the -m and either the -l or -p
       options must be specified.  The -tlscertuser option also	requires  that
       the -u option on	this daemon be specified.

       Also, if	the IP address used by the client cannot be trusted, the rules
       in  exports(5) cannot be	applied	safely.	 As such, the -h option	can be
       used along with -m and either the -l or -p options to require that  the
       client  certificate have	the correct Fully Qualified Domain Name	(FQDN)
       in it.

       A certificate and associated key	must exist  in	/etc/rpc.tlsservd  (or
       the "certdir" specified by the -D option) in files named	"cert.pem" and
       "certkey.pem".

       If  a  SIGHUP signal is sent to the daemon it will reload the "CRLfile"
       and will	shut down any extant connections that  presented  certificates
       during  TLS handshake that have been revoked.  If the -r	option was not
       specified, the SIGHUP signal will be ignored.

       The daemon will log failed certificate verifications via	syslogd(8) us-
       ing LOG_INFO | LOG_DAEMON when the -m option has	been specified.

       The options are as follows:

       -2, --allowtls1_2
	       Permit clients to mount using TLS version 1.2.  By default, the
	       daemon will only	allow mounts using TLS	version	 1.3,  as  re-
	       quired  by  the	RFC.   However,	 early FreeBSD (13.0 and 13.1)
	       clients require this option, since they use TLS version 1.2.

       -C available_ciphers, --ciphers=available_ciphers
	       Specify which ciphers are available during TLS  handshake.   If
	       this  option is specified, "SSL_CTX_set_ciphersuites()" will be
	       called with "available_ciphers" as the argument.	 If  this  op-
	       tion  is	 not  specified,  the cipher will be chosen by ssl(7),
	       which should be adequate	for most cases.	 The  format  for  the
	       available  ciphers  is a	simple `:' separated list, in order of
	       preference.  The	command	"openssl  ciphers  -s  -tls1_3"	 lists
	       available ciphers.

       -D certdir, --certdir=certdir
	       Use  "certdir" instead of /etc/rpc.tlsservd as the location for
	       the certificate in a file called	"cert.pem" and associated  key
	       in "certkey.pem".

       -d, --debuglevel
	       Run  in	debug  mode.  In this mode, rpc.tlsservd will not fork
	       when it starts.

       -h, --checkhost
	       This option specifies that the client must provide  a  certifi-
	       cate that both verifies and has a FQDN that matches the reverse
	       DNS  name for the IP address that the client uses to connect to
	       the server.  The	FQDN should be in the DNS field	of the subjec-
	       tAltName, but is	also allowed to	be in the CN field of the sub-
	       jectName	in the certificate.  By	default, a wildcard "*"	in the
	       FQDN is not allowed.  With this option, a failure to verify the
	       client certificate or match the FQDN will result	in the	server
	       sending AUTH_REJECTEDCRED replies to all	client RPCs.  This op-
	       tion requires the -m and	either the -l or -p options.

       -l CAfile, --verifylocs=CAfile
	       This option specifies the path name of a	CA certificate(s) file
	       in  pem format, which is	used to	verify client certificates and
	       to set the list of CA(s)	sent to	the client so  that  it	 knows
	       which  certificate  to  send to the server during the TLS hand-
	       shake.	    This      path	name	  is	  used	    in
	       "SSL_CTX_load_verify_locations(ctx,CAfile,NULL)"		   and
	       "SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile))"
	       openssl library calls.  Note that this is a path	name  for  the
	       file and	is not assumed to be in	"certdir".  Either this	option
	       or the -p option	must be	specified when the -m option is	speci-
	       fied so that the	daemon can verify the client's certificate.

       -m, --mutualverf
	       This  option specifies that the server is to request a certifi-
	       cate from the client during the TLS handshake.  It does not re-
	       quire that the client provide  a	 certificate.	It  should  be
	       specified  unless  no  client doing RPC over TLS	is required to
	       have a certificate.  For	 NFS,  either  the  exports(5)	option
	       -tlscert	 or  -tlscertuser  may	be used	to require a client to
	       provide a certificate that verifies.  See exports(5).

       -N num_servers, --numdaemons=num_servers
	       For a server with a large number	of NFS-over-TLS	client mounts,
	       this daemon might get overloaded	 after	a  reboot,  when  many
	       clients	attempt	 to do a TLS handshake at the same time.  This
	       option may be used to specify that "num_servers"	daemons	are to
	       be run instead of a single daemon.  When	this is	done, the  TLS
	       handshakes  are	spread	across	the "num_servers" daemons in a
	       round robin fashion to spread out the load.

       -n domain, --domain=domain
	       This option specifies what the "domain" is for use with the  -u
	       option,	overriding the domain taken from the gethostname(2) of
	       the server this daemon is running on.  If  you  have  specified
	       the -domain command line	option for nfsuserd(8) then you	should
	       specify	this  option with the same "domain" that was specified
	       for nfsuserd(8).	 This option is	only meaningful	when used with
	       the -u option.

       -p CApath, --verifydir=CApath
	       This option is similar to the -l	option,	but specifies the path
	       of a directory with CA certificates in it.  When	this option is
	       used,
	       "SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file())"  is
	       not  called,  so	 a list	of CA names might not be passed	to the
	       client during the TLS handshake.

       -r CRLfile, --crl=CRLfile
	       This option specifies a Certificate Revocation List (CRL)  file
	       that  is	 to  be	 loaded	 into the verify certificate store and
	       checked during verification.  This option  is  only  meaningful
	       when either the -l or -p	have been specified.

       -u, --certuser
	       This option specifies that if the client	provides a certificate
	       that  both  verifies and	has a subjectAltName with an otherName
	       component	       of		the		  form
	       "otherName:1.3.6.1.4.1.2238.1.1.1;UTF8:user@domain"	 where
	       "domain"	matches	the one	for this server, then the daemon  will
	       attempt	to  map	"user" in the above to a user credential <uid,
	       gid_list>.  There should	only be	one of these otherName	compo-
	       nents  for each "domain".  If "user" is a valid username	in the
	       password	database, then the <uid, gid_list> for "user" will  be
	       used  for  all  RPCs on the mount instead of the	credentials in
	       the RPC request header.	This option requires the -m and	either
	       the -l or -p options.  Use of this option might not conform  to
	       RFC-9289, which does not	allow certificates to be used for user
	       authentication.

       -v, --verbose
	       Run  in	verbose	mode.  In this mode, rpc.tlsservd will log ac-
	       tivity messages to syslogd(8) using LOG_INFO | LOG_DAEMON or to
	       stderr, if the -d option	has also been specified.

       -W, --multiwild
	       This option is used with	the -h option to allow use of a	 wild-
	       card  "*"  that	matches	multiple components of the reverse DNS
	       name for	the  client's  IP  address.   For  example,  the  FQDN
	       "*.uoguelph.ca"	would  match  both  "laptop21.uoguelph.ca" and
	       "laptop3.cis.uoguelph.ca".

       -w, --singlewild
	       Similar to -W but allows	the wildcard "*"  to  match  a	single
	       component  of  the  reverse  DNS	 name.	 For example, the FQDN
	       "*.uoguelph.ca"	would  match  "laptop21.uoguelph.ca"  but  not
	       "laptop3.cis.uoguelph.ca".   Only  one of the -W	and -w options
	       is allowed.

EXIT STATUS
       The rpc.tlsservd	utility	exits 0	on success, and	>0 if an error occurs.

SEE ALSO
       openssl(1), ktls(4),  exports(5),  ssl(7),  mount_nfs(8),  nfsuserd(8),
       rpc.tlsclntd(8),	syslogd(8)

STANDARDS
       The  implementation  is	based  on the specification in "Towards	Remote
       Procedure Call Encryption By Default", RFC 9289.

HISTORY
       The rpc.tlsservd	manual page first appeared in FreeBSD 13.0.

BUGS
       This daemon cannot be safely shut down and restarted if there  are  any
       active  RPC-over-TLS  connections.  Doing so will orphan	the KERNEL_TLS
       connections, so that they can no	longer do upcalls successfully,	 since
       the "SSL	*" structures in userspace have	been lost.

FreeBSD	13.2		       November	10, 2022	       RPC.TLSSERVD(8)

---

NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | SEE ALSO | STANDARDS | HISTORY | BUGS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=rpc.tlsservd&sektion=8&manpath=FreeBSD+14.1-RELEASE+and+Ports>

home | help

---

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact