From 29c4cf0cd12100cb45a6ef59fdbd435954d16d5d Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 7 Feb 2016 20:34:03 +0100 Subject: [PATCH] Update ciphers -s documentation Reviewed-by: Viktor Dukhovni MR: #1595 --- doc/apps/ciphers.pod | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 344e2188aa..9788fa31f0 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -36,9 +36,21 @@ Print a usage message. =item B<-s> -Only list supported ciphers: those consistent with the security level. This -is the actual cipher list an application will support. If this option is -not used then ciphers excluded by the security level will still be listed. +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. +This is closer to the actual cipher list an application will support. + +This program does not set up support for SRP and so SRP based ciphers will +always be excluded when using this option. +PSK ciphers are not enabled by default and it requires the B<-psk> to enable +them. +It also does not change the default list of supported signature algorithms. + +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of DH parameters. + +If this option is not used then all ciphers that match the cipherlist will be +listed. =item B<-psk> -- 2.34.1