Diffstat (limited to 'secure/lib/libcrypto/man/man3/SSL_read_early_data.3')
-rw-r--r--  secure/lib/libcrypto/man/man3/SSL_read_early_data.3 | 23
1 files changed, 13 insertions, 10 deletions
diff --git a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 index 0f769aaff8b6..d8c7ed47c012 100644 --- a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 +++ b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 @@ -1,5 +1,5 @@ .\" -*- mode: troff; coding: utf-8 -*- -.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -52,10 +52,13 @@ . \} .\} .rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_READ_EARLY_DATA 3ossl" -.TH SSL_READ_EARLY_DATA 3ossl 2025-09-30 3.5.4 OpenSSL +.TH SSL_READ_EARLY_DATA 3ossl 2026-04-07 3.5.6 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -118,7 +121,7 @@ These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. Early data can be sent if a session has previously been established with the -server or when establishing a new session using an out-of-band PSK, and only +server or when establishing a new session using an out\-of\-band PSK, and only when the server is known to support it. Additionally these functions can be used to send data from the server to the client when the client has not yet completed the authentication stage of the handshake. 
@@ -131,7 +134,7 @@ data. For specific details, consult the TLS 1.3 specification. .PP When a server receives early data it may opt to immediately respond by sending application data back to the client. Data sent by the server at this stage is -done before the full handshake has been completed. Specifically the client's +done before the full handshake has been completed. Specifically the client\*(Aqs authentication messages have not yet been received, i.e. the client is unauthenticated at this point and care should be taken when using this capability. @@ -288,7 +291,7 @@ decision is made to accept or reject early data. The callback is provided with a pointer to the user data argument that was provided when the callback was first set. Returning 1 from the callback will allow early data and returning 0 will reject it. Note that the OpenSSL library may reject early data for other reasons -in which case this callback will not get called. Notably, the built-in replay +in which case this callback will not get called. Notably, the built\-in replay protection feature will still be used even if a callback is present unless it has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See "REPLAY PROTECTION" below. 
@@ -302,10 +305,10 @@ These functions cannot currently be used with QUIC SSL objects. The whole purpose of early data is to enable a client to start sending data to the server before a full round trip of network traffic has occurred. Application developers should ensure they consider optimisation of the underlying TCP socket -to obtain a performant solution. For example Nagle's algorithm is commonly used +to obtain a performant solution. For example Nagle\*(Aqs algorithm is commonly used by operating systems in an attempt to avoid lots of small TCP packets. In many scenarios this is beneficial for performance, but it does not work well with the -early data solution as implemented in OpenSSL. In Nagle's algorithm the OS will +early data solution as implemented in OpenSSL. In Nagle\*(Aqs algorithm the OS will buffer outgoing TCP data if a TCP packet has already been sent which we have not yet received an ACK for from the peer. The buffered data will only be transmitted if enough data to fill an entire TCP packet is accumulated, or if @@ -320,7 +323,7 @@ sent until a complete round trip with the server has occurred which defeats the objective of early data. .PP In many operating systems the TCP_NODELAY socket option is available to disable -Nagle's algorithm. If an application opts to disable Nagle's algorithm +Nagle\*(Aqs algorithm. If an application opts to disable Nagle\*(Aqs algorithm consideration should be given to turning it back on again after the handshake is complete if appropriate. .PP 
@@ -359,7 +362,7 @@ does not exist then the resumption is not allowed and a full handshake will occur. .PP Note that some applications may maintain an external cache of sessions (see -\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application\*(Aqs responsibility to ensure that any sessions in the external cache are also populated in the internal cache and that once removed from the internal cache they are similarly removed from the external cache. Failing to do this could @@ -376,7 +379,7 @@ The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) should be applied when combining external PSKs with early data. .PP Some applications may mitigate the replay risks in other ways. For those -applications it is possible to turn off the built-in replay protection feature +applications it is possible to turn off the built\-in replay protection feature using the \fBSSL_OP_NO_ANTI_REPLAY\fR option. See \fBSSL_CTX_set_options\fR\|(3) for details. Applications can also set a callback to make decisions about accepting early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. |
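Review bot: in the second hunk (`@@ -52,10 +52,13 @@`), the new `.if n .ds AD l` line plus the `.TH` bump from `2025-09-30 3.5.4` to `2026-04-07 3.5.6` show this is regenerated Pod::Man v6.0.2 output rather than a hand edit, so the import should be checked for completeness: the sibling man3 pages in `secure/lib/libcrypto/man/man3/` should carry the same `3.5.6` `.TH` line and the same `.ds AD l` preamble addition, otherwise the directory ends up half-regenerated with two different justification behaviours under groff 1.23.0.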
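Review bot: the `\*(Aq` substitutions in the hunks at `@@ -131,7 +134,7 @@`, `@@ -302,10 +305,10 @@`, `@@ -320,7 +323,7 @@` and `@@ -359,7 +362,7 @@` (`client\*(Aqs`, `Nagle\*(Aqs`, `application\*(Aqs`) depend on the `Aq` string being defined in the "Standard preamble" that the first hunk references but that this diff does not show; please confirm the regenerated preamble still defines `Aq` for both groff and non-groff nroff, or every possessive in the page renders with a missing apostrophe.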
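Review bot: the `\-` escapes in `out\-of\-band` (`@@ -118,7 +121,7 @@`) and `built\-in` (`@@ -288,7 +291,7 @@`, `@@ -376,7 +379,7 @@`) are a generator output change and leave the surrounding guidance untouched, which matters here because those paragraphs carry the security-relevant text: that early data from an as-yet unauthenticated client must be handled with care, and that the built-in replay protection stays active unless `SSL_OP_NO_ANTI_REPLAY` is set explicitly. Since the wording is unchanged, no content review is needed, but any future edit to that guidance belongs in the upstream `.pod` source, not in this generated `.3` file, or it will be lost on the next regeneration.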
