Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE

[openssl.git] / doc / man3 / SSL_CTX_set_cipher_list.pod

diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod
index f4b366e48b55b0f07cb89afc147d5df3eb9a09e7..2fdebdf51d24c4f02554ac2d182bac3b0cc524cd 100644 (file)
--- a/doc/man3/SSL_CTX_set_cipher_list.pod
+++ b/doc/man3/SSL_CTX_set_cipher_list.pod
@@ -5,7 +5,9 @@
 SSL_CTX_set_cipher_list,
 SSL_set_cipher_list,
 SSL_CTX_set_ciphersuites,
-SSL_set_ciphersuites
+SSL_set_ciphersuites,
+OSSL_default_cipher_list,
+OSSL_default_ciphersuites
 - choose list of available SSL_CIPHERs
 
 =head1 SYNOPSIS
@@ -18,11 +20,14 @@ SSL_set_ciphersuites
  int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
  int SSL_set_ciphersuites(SSL *s, const char *str);
 
+ const char *OSSL_default_cipher_list(void);
+ const char *OSSL_default_ciphersuites(void);
+
 =head1 DESCRIPTION
 
 SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below)
 for B<ctx> using the control string B<str>. The format of the string is described
-in L<ciphers(1)>. The list of ciphers is inherited by all
+in L<openssl-ciphers(1)>. The list of ciphers is inherited by all
 B<ssl> objects created from B<ctx>. This function does not impact TLSv1.3
 ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.
 
@@ -31,7 +36,7 @@ B<ssl>.
 
 SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3
 ciphersuites for B<ctx>. This is a simple colon (":") separated list of TLSv1.3
-ciphersuite names in order of perference. Valid TLSv1.3 ciphersuite names are:
+ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:
 
 =over 4
 
@@ -54,6 +59,10 @@ An empty list is permissible. The default value for the this setting is:
 SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it
 configures the ciphersuites for B<ssl>.
 
+OSSL_default_cipher_list() returns the default cipher string for TLSv1.2
+(and earlier) ciphers. OSSL_default_ciphersuites() returns the default
+cipher string for TLSv1.3 ciphersuites.
+
 =head1 NOTES
 
 The control string B<str> for SSL_CTX_set_cipher_list() and
@@ -85,6 +94,10 @@ of 512 bits and the server is not configured to use temporary RSA
 keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
 and the handshake will fail.
 
+OSSL_default_cipher_list() and OSSL_default_ciphersuites() replace
+SSL_DEFAULT_CIPHER_LIST and TLS_DEFAULT_CIPHERSUITES, respectively. The
+cipher list defines are deprecated as of 3.0.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
@@ -98,13 +111,17 @@ ciphersuite list was configured, and 0 otherwise.
 L<ssl(7)>, L<SSL_get_ciphers(3)>,
 L<SSL_CTX_use_certificate(3)>,
 L<SSL_CTX_set_tmp_dh_callback(3)>,
-L<ciphers(1)>
+L<openssl-ciphers(1)>
+
+=head1 HISTORY
+
+OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.