=item B<-v>
-verbose option. List ciphers with a complete decsription of the authentication,
-key exchange, encryption and mac algorithms used along with any key size
+verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
+authentication, encryption and mac algorithms used along with any key size
restrictions and whether the algorithm is classed as an "export" cipher.
+Note that without the B<-v> option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+SSL v2 and for SSL v3/TLS v1.
=item B<-ssl3>
=item B<DEFAULT>
the default cipher list. This is determined at compile time and is normally
-B<TBA>. This must be the first cipher string specified.
+B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+specified.
=item B<ALL>
the cipher suites offering no authentication. This is currently the anonymous
DH algorithms. These cipher suites are vulnerable to a "man in the middle"
-attack and so there use is normally discouraged.
+attack and so their use is normally discouraged.
=item B<kRSA>, B<RSA>
=item B<ADH>
-anoymous DH cipher suites.
+anonymous DH cipher suites.
=item B<3DES>
=head1 NOTES
-The non ephemeral DH modes are currently unimplimented in OpenSSL
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
because there is no support for DH certificates.
Some compiled versions of OpenSSL may not include all the ciphers
=head1 SEE ALSO
-s_client(1), s_server(1), ssl(3)
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
=cut
projects / openssl.git / blobdiff