Add initial security framework docs.

[openssl.git] / doc / apps / ciphers.pod

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 900f49542f0c365c4d89b1f0f0e89843c129d65c..8a1cf5add1f95d9f8dcf15d466c5bf833a0e4897 100644 (file)
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -7,6 +7,7 @@ ciphers - SSL cipher display and cipher list tool.
 =head1 SYNOPSIS
 
 B<openssl> B<ciphers>
+[B<-s>]
 [B<-v>]
 [B<-V>]
 [B<-ssl2>]
@@ -25,6 +26,12 @@ the appropriate cipherlist.
 
 =over 4
 
+=item B<-s>
+
+Only list supported ciphers: those consistent with the security level. This
+is the actual cipher list an application will support. If this option is
+not used then ciphers excluded by the security level will still be listed.
+
 =item B<-v>
 
 Verbose option. List ciphers with a complete description of
@@ -104,8 +111,11 @@ as a list of ciphers to be appended to the current preference list. If the
 list includes any ciphers already present they will be ignored: that is they
 will not moved to the end of the list.
 
-Additionally the cipher string B<@STRENGTH> can be used at any point to sort
-the current cipher list in order of encryption algorithm key length.
+The cipher string B<@STRENGTH> can be used at any point to sort the current
+cipher list in order of encryption algorithm key length.
+
+The cipher string B<@SECLEVEL=n> can be used at any point to set the security
+level to B<n>.
 
 =head1 CIPHER STRINGS
 
@@ -585,6 +595,10 @@ encryption.
 
  openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
 
+Set security level to 2 and display all ciphers consistent with level 2:
+
+ openssl ciphers -v 'ALL:@SECLEVEL=2'
+
 =head1 SEE ALSO
 
 L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>