X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fssl%2FSSL_CTX_set_cipher_list.pod;h=272d6b3de282e418e3344df1455d0838b0536402;hp=1f0daa5de8e5c3809976bae79ae11dffa1333c1e;hb=933f32cc4d183b9f154316a55d77a95efb571282;hpb=615513ba5294e03b451f33bc46c714c5efa28916 diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod index 1f0daa5de8..272d6b3de2 100644 --- a/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -23,13 +23,22 @@ SSL_set_cipher_list() sets the list of ciphers only for B. =head1 NOTES -The control string B should be universally useable and not depend +The control string B should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the -corrensponding ciphers are not compiled in or because they are mistyped, +corresponding ciphers are not compiled in or because they are mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all. +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient. On the server side, additional restrictions apply. All ciphers +have additional requirements. ADH ciphers don't need a certificate, but +DH-parameters must have been set. All other ciphers need a corresponding +certificate and key. A RSA cipher can only be chosen, when a RSA certificate is +available, the respective is valid for DSA ciphers. Ciphers using EDH need +a certificate and key and DH-parameters. + =head1 RETURN VALUES SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
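Review bot: In the added NOTES paragraph, "the respective is valid for DSA ciphers" does not parse; suggest "the same applies to DSA ciphers, which need a DSA certificate and key". "All ciphers have additional requirements" is immediately followed by "All other ciphers need a corresponding certificate and key", so the first sentence reads as a contradiction of the ADH case; reword it to say that each cipher type has its own server-side prerequisites, or drop it. Minor: "A RSA" should be "An RSA" (twice), and the comma after "It should be noted" is not needed. The paragraph states that listing a cipher is necessary but not sufficient on the server, but it does not say what happens when the certificate, key or DH parameters are missing. Since the preceding paragraph says failure is only flagged if no ciphers could be collected at all, add a sentence stating whether such a cipher is skipped at negotiation time, so a reader does not assume a return value of 1 means every listed cipher is usable.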