EVP configuration section: add 'default_properties' command

[openssl.git] / doc / man5 / config.pod

diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 985b07ff3b1ae5ce58ba5fc4b5768969e74e00d1..cac4ef6742ec7d5e37088fb1a4106ae320618a2f 100644 (file)
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -274,12 +274,33 @@ available to the provider.
 
 =head2 EVP Configuration Module
 
-This modules has the name B<alg_section> which points to a section containing
+This module has the name B<alg_section> which points to a section containing
 algorithm commands.
 
-Currently the only algorithm command supported is B<fips_mode> whose
-value can only be the boolean string B<off>. If B<fips_mode> is set to B<on>,
-an error occurs as this library version is not FIPS capable.
+The supported algorithm commands are:
+
+=over 4
+
+=item B<default_properties>
+
+The value may be anything that is acceptable as a property query
+string for EVP_set_default_properties().
+
+=item B<fips_mode> (deprecated)
+
+The value is a boolean that can be B<yes> or B<no>.  If the value is
+B<yes>, this is exactly equivalent to:
+
+    default_properties = fips=yes
+
+If the value is B<no>, nothing happens.
+
+=back
+
+These two commands should not be used together, as there is no control
+over how they affect each other.
+The use of B<fips_mode> is strongly discouraged and is only present
+for backward compatibility with earlier OpenSSL FIPS modules.
 
 =head2 SSL Configuration Module