Upgrade chrome's OpenSSL to same version Android ships with.

openssl/doc/apps/s_server.pod

 
 =pod
 
 =head1 NAME
 
 s_server - SSL/TLS server program
 
 =head1 SYNOPSIS
 
 B<openssl> B<s_server>
@@ skipping 173 matching lines @@
 turns on non blocking I/O
 
 =item B<-crlf>
 
 this option translated a line feed from the terminal into CR+LF.
 
 =item B<-quiet>
 
 inhibit printing of session and certificate information.
 
+=item B<-psk_hint hint>
+
+Use the PSK identity hint B<hint> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+
 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
 
 these options disable the use of certain SSL or TLS protocols. By default
 the initial handshake uses a method which should be compatible with all
 servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
 
 =item B<-bugs>
 
 there are several known bug in SSL and TLS implementations. Adding this
 option enables various workarounds.
@@ skipping 35 matching lines @@
 =item B<-HTTP>
 
 emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded. The files loaded are
 assumed to contain a complete and correct HTTP response (lines that
 are part of the HTTP response line and headers must end with CRLF).
 
 =item B<-engine id>
 
-specifying an engine (by it's unique B<id> string) will cause B<s_server>
+specifying an engine (by its unique B<id> string) will cause B<s_server>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
 
 =item B<-id_prefix arg>
 
 generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
 for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
 servers, when each of which might be generating a unique range of session
 IDs (eg. with a certain prefix).
@@ skipping 58 matching lines @@
 Most web browsers (in particular Netscape and MSIE) only support RSA cipher
 suites, so they cannot connect to servers which don't use a certificate
 carrying an RSA key or a version of OpenSSL with RSA disabled.
 
 Although specifying an empty list of CAs when requesting a client certificate
 is strictly speaking a protocol violation, some SSL clients interpret this to
 mean any CA is acceptable. This is useful for debugging purposes.
 
 The session parameters can printed out using the B<sess_id> program.
 
-TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the B<enable-tlsext> switch.
-
 =head1 BUGS
 
 Because this program has a lot of options and also because some of
 the techniques used are rather old, the C source of s_server is rather
 hard to read and not a model of how things should be done. A typical
 SSL server program would be much simpler.
 
 The output of common ciphers is wrong: it just gives the list of ciphers that
 OpenSSL recognizes and the client supports.
 
 There should be a way for the B<s_server> program to print out details of any
 unknown cipher suites a client says it supports.
 
 =head1 SEE ALSO
 
 L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
 
 =cut