diff -up openssl-1.0.1h/doc/apps/ec.pod.manfix openssl-1.0.1h/doc/apps/ec.pod
--- openssl-1.0.1h/doc/apps/ec.pod.manfix	2014-06-05 11:41:31.000000000 +0200
+++ openssl-1.0.1h/doc/apps/ec.pod	2014-06-05 14:41:11.501274915 +0200
@@ -93,10 +93,6 @@ prints out the public, private key compo
 
 this option prevents output of the encoded version of the key.
 
-=item B<-modulus>
-
-this option prints out the value of the public key component of the key.
-
 =item B<-pubin>
 
 by default a private key is read from the input file: with this option a
diff -up openssl-1.0.1h/doc/apps/openssl.pod.manfix openssl-1.0.1h/doc/apps/openssl.pod
--- openssl-1.0.1h/doc/apps/openssl.pod.manfix	2014-06-05 11:41:31.000000000 +0200
+++ openssl-1.0.1h/doc/apps/openssl.pod	2014-06-05 14:41:11.501274915 +0200
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
 
 Online Certificate Status Protocol utility.
 
-=item L<B<passwd>|passwd(1)>
+=item L<B<passwd>|sslpasswd(1)>
 
 Generation of hashed passwords.
 
@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
 
 Public key algorithm cryptographic operation utility.
 
-=item L<B<rand>|rand(1)>
+=item L<B<rand>|sslrand(1)>
 
 Generate pseudo-random bytes.
 
@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
 L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
 L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
 L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
-L<passwd(1)|passwd(1)>,
+L<sslpasswd(1)|sslpasswd(1)>,
 L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
 L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
 L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
 L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
diff -up openssl-1.0.1h/doc/apps/s_client.pod.manfix openssl-1.0.1h/doc/apps/s_client.pod
--- openssl-1.0.1h/doc/apps/s_client.pod.manfix	2014-06-05 14:41:11.445273605 +0200
+++ openssl-1.0.1h/doc/apps/s_client.pod	2014-06-05 14:41:11.501274915 +0200
@@ -33,9 +33,14 @@ B<openssl> B<s_client>
 [B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-dtls1>]
 [B<-no_ssl2>]
 [B<-no_ssl3>]
 [B<-no_tls1>]
+[B<-no_tls1_1>]
+[B<-no_tls1_2>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
 [B<-starttls protocol>]
@@ -45,6 +50,7 @@ B<openssl> B<s_client>
 [B<-sess_out filename>]
 [B<-sess_in filename>]
 [B<-rand file(s)>]
+[B<-nextprotoneg protocols>]
 
 =head1 DESCRIPTION
 
@@ -188,7 +194,7 @@ Use the PSK key B<key> when using a PSK
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
 
 these options disable the use of certain SSL or TLS protocols. By default
 the initial handshake uses a method which should be compatible with all
@@ -249,6 +255,17 @@ Multiple files can be specified separate
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
+=item B<-nextprotoneg protocols>
+
+enable Next Protocol Negotiation TLS extension and provide a list of
+comma-separated protocol names that the client should advertise
+support for. The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+Empty list of protocols is treated specially and will cause the client to
+advertise support for the TLS extension but disconnect just after
+reciving ServerHello with a list of server supported protocols.
+
 =back
 
 =head1 CONNECTED COMMANDS
diff -up openssl-1.0.1h/doc/apps/s_server.pod.manfix openssl-1.0.1h/doc/apps/s_server.pod
--- openssl-1.0.1h/doc/apps/s_server.pod.manfix	2014-06-05 11:41:31.000000000 +0200
+++ openssl-1.0.1h/doc/apps/s_server.pod	2014-06-05 14:41:11.502274939 +0200
@@ -55,6 +55,7 @@ B<openssl> B<s_server>
 [B<-no_ticket>]
 [B<-id_prefix arg>]
 [B<-rand file(s)>]
+[B<-nextprotoneg protocols>]
 
 =head1 DESCRIPTION
 
@@ -207,7 +208,7 @@ Use the PSK key B<key> when using a PSK
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
 
 these options disable the use of certain SSL or TLS protocols. By default
 the initial handshake uses a method which should be compatible with all
@@ -282,6 +283,14 @@ Multiple files can be specified separate
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
+=item B<-nextprotoneg protocols>
+
+enable Next Protocol Negotiation TLS extension and provide a
+comma-separated list of supported protocol names.
+The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+
 =back
 
 =head1 CONNECTED COMMANDS