Add information to BUGS section of enc documentation. PR#3354

[openssl.git] / doc / apps / enc.pod

diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 018365ba40be4df6f632025c2accfb95f2ba5f08..629611d137fd77214999bdd7528c199909a62758 100644 (file)
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -57,15 +57,13 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 
 =item B<-salt>
 
-use a salt in the key derivation routines. This option should B<ALWAYS>
-be used unless compatibility with previous versions of OpenSSL or SSLeay
-is required. This option is only present on OpenSSL versions 0.9.5 or
-above.
+use a salt in the key derivation routines. This is the default.
 
 =item B<-nosalt>
 
-don't use a salt in the key derivation routines. This is the default for
-compatibility with previous versions of OpenSSL and SSLeay.
+don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
+used except for test purposes or compatibility with ancient versions of OpenSSL
+and SSLeay.
 
 =item B<-e>
 
@@ -328,4 +326,8 @@ The B<enc> program only supports a fixed number of algorithms with
 certain parameters. So if, for example, you want to use RC2 with a
 76 bit key or RC4 with an 84 bit key you can't use this program.
 
+The B<enc> program does not support authenticated encryption modes
+like CCM and GCM. The utility does not store or retrieve the
+authentication tag.
+
 =cut