projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
man: harmonize the various formulations in the HISTORY sections
[openssl.git] / doc / man1 / ciphers.pod
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 0875a8736bd7354224299562a128645bf3f13f99..e29c5d7ced9369d93f2b695a1dde37b23524248e 100644 (file)
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+openssl-ciphers,
 ciphers - SSL cipher display and cipher list tool
 
 =head1 SYNOPSIS
@@ -21,6 +22,7 @@ B<openssl> B<ciphers>
 [B<-srp>]
 [B<-stdname>]
 [B<-convert name>]
+[B<-ciphersuites val>]
 [B<cipherlist>]
 
 =head1 DESCRIPTION
@@ -71,30 +73,12 @@ L<SSL_CIPHER_description(3)>.
 
 Like B<-v>, but include the official cipher suite values in hex.
 
-=item B<-tls1_3>
+=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3>
 
-In combination with the B<-s> option, list the ciphers which would be used if
-TLSv1.3 were negotiated.
-
-=item B<-tls1_2>
-
-In combination with the B<-s> option, list the ciphers which would be used if
-TLSv1.2 were negotiated.
-
-=item B<-ssl3>
-
-In combination with the B<-s> option, list the ciphers which would be used if
-SSLv3 were negotiated.
-
-=item B<-tls1>
-
-In combination with the B<-s> option, list the ciphers which would be used if
-TLSv1 were negotiated.
-
-=item B<-tls1_1>
-
-In combination with the B<-s> option, list the ciphers which would be used if
-TLSv1.1 were negotiated.
+In combination with the B<-s> option, list the ciphers which could be used if
+the specified protocol were negotiated.
+Note that not all protocols and flags may be available, depending on how
+OpenSSL was built.
 
 =item B<-stdname>
 
@@ -104,10 +88,21 @@ Precede each cipher suite by its standard name.
 
 Convert a standard cipher B<name> to its OpenSSL name.
 
+=item B<-ciphersuites val>
+
+Sets the list of TLSv1.3 ciphersuites. This list will be combined with any
+TLSv1.2 and below ciphersuites that have been configured. The format for this
+list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By
+default this value is:
+
+ TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+
 =item B<cipherlist>
 
-A cipher list to convert to a cipher preference list. If it is not included
-then the default cipher list will be used. The format is described below.
+A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher
+preference list. This list will be combined with any TLSv1.3 ciphersuites that
+have been configured. If it is not included then the default cipher list will be
+used. The format is described below.
 
 =back
 
@@ -152,7 +147,16 @@ The cipher string B<@STRENGTH> can be used at any point to sort the current
 cipher list in order of encryption algorithm key length.
 
 The cipher string B<@SECLEVEL=n> can be used at any point to set the security
-level to B<n>.
+level to B<n>, which should be a number between zero and five, inclusive.
+See L<SSL_CTX_set_security_level> for a description of what each level means.
+
+The cipher list can be prefixed with the B<DEFAULT> keyword, which enables
+the default cipher list as defined below.  Unlike cipher strings,
+this prefix may not be combined with other strings using B<+> character.
+For example, B<DEFAULT+DES> is not valid.
+
+The content of the default list is determined at compile time and normally
+corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
 
 =head1 CIPHER STRINGS
 
@@ -160,13 +164,6 @@ The following is a list of all permitted cipher strings and their meanings.
 
 =over 4
 
-=item B<DEFAULT>
-
-The default cipher list.
-This is determined at compile time and is normally
-B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
-When used, this must be the first cipherstring specified.
-
 =item B<COMPLEMENTOFDEFAULT>
 
 The ciphers included in B<ALL>, but not enabled by default. Currently
@@ -591,18 +588,24 @@ Note: these ciphers can also be used in SSL v3.
 
 =head2 ARIA cipher suites from RFC6209, extending TLS v1.2
 
- TLS_RSA_WITH_ARIA_128_CBC_SHA256          ARIA128-CBC-SHA256
- TLS_RSA_WITH_ARIA_256_CBC_SHA384          ARIA256-CBC-SHA384
- TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256      DHE-DSS-ARIA128-CBC-SHA256
- TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384      DHE-DSS-ARIA256-CBC-SHA384
- TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256      DHE-RSA-ARIA128-CBC-SHA256
- TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384      DHE-RSA-ARIA256-CBC-SHA384
- TLS_DH_anon_WITH_ARIA_128_CBC_SHA256      DH-anon-ARIA128-CBC-SHA256
- TLS_DH_anon_WITH_ARIA_256_CBC_SHA384      DH-anon-ARIA256-CBC-SHA384
- TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256  ECDHE-ECDSA-ARIA128-CBC-SHA256
- TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384  ECDHE-ECDSA-ARIA256-CBC-SHA384
- TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256    ECDHE-RSA-ARIA128-CBC-SHA256
- TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384    ECDHE-RSA-ARIA256-CBC-SHA384
+Note: the CBC modes mentioned in this RFC are not supported.
+
+ TLS_RSA_WITH_ARIA_128_GCM_SHA256          ARIA128-GCM-SHA256
+ TLS_RSA_WITH_ARIA_256_GCM_SHA384          ARIA256-GCM-SHA384
+ TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      DHE-RSA-ARIA128-GCM-SHA256
+ TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      DHE-RSA-ARIA256-GCM-SHA384
+ TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      DHE-DSS-ARIA128-GCM-SHA256
+ TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      DHE-DSS-ARIA256-GCM-SHA384
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  ECDHE-ECDSA-ARIA128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  ECDHE-ECDSA-ARIA256-GCM-SHA384
+ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    ECDHE-ARIA128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    ECDHE-ARIA256-GCM-SHA384
+ TLS_PSK_WITH_ARIA_128_GCM_SHA256          PSK-ARIA128-GCM-SHA256
+ TLS_PSK_WITH_ARIA_256_GCM_SHA384          PSK-ARIA256-GCM-SHA384
+ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      DHE-PSK-ARIA128-GCM-SHA256
+ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      DHE-PSK-ARIA256-GCM-SHA384
+ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      RSA-PSK-ARIA128-GCM-SHA256
+ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      RSA-PSK-ARIA256-GCM-SHA384
 
 =head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2
 
@@ -697,11 +700,11 @@ Note: these ciphers can also be used in SSL v3.
 
 =head2 TLS v1.3 cipher suites
 
- TLS_AES_128_GCM_SHA256                     TLS13-AES-128-GCM-SHA256
- TLS_AES_256_GCM_SHA384                     TLS13-AES-256-GCM-SHA384
- TLS_CHACHA20_POLY1305_SHA256               TLS13-CHACHA20-POLY1305-SHA256
- TLS_AES_128_CCM_SHA256                     TLS13-AES-128-CCM-SHA256
- TLS_AES_128_CCM_8_SHA256                   TLS13-AES-128-CCM-8-SHA256
+ TLS_AES_128_GCM_SHA256                     TLS_AES_128_GCM_SHA256
+ TLS_AES_256_GCM_SHA384                     TLS_AES_256_GCM_SHA384
+ TLS_CHACHA20_POLY1305_SHA256               TLS_CHACHA20_POLY1305_SHA256
+ TLS_AES_128_CCM_SHA256                     TLS_AES_128_CCM_SHA256
+ TLS_AES_128_CCM_8_SHA256                   TLS_AES_128_CCM_8_SHA256
 
 =head2 Older names used by OpenSSL
 
@@ -759,13 +762,13 @@ The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
 The B<-stdname> is only available if OpenSSL is built with tracing enabled
 (B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
 
-The B<-convert> was added in OpenSSL 1.1.1.
+The B<-convert> option was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.
Unnamed repository; edit this file 'description' to name the repository.