X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fciphers.pod;h=21077614a72761c8357012b0089fa50a45377a60;hp=ac195e79ff993605899f9d2df24b9b5ae7032936;hb=cc99526db1ee5b948736f6b07958a786fec1240b;hpb=8548d442702e77f8f1c4973726acabc34748de58 diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index ac195e79ff..21077614a7 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -25,9 +25,13 @@ the appropriate cipherlist. =item B<-v> -verbose option. List ciphers with a complete decsription of the authentication, -key exchange, encryption and mac algorithms used along with any key size +verbose option. List ciphers with a complete description of +protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, +authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an "export" cipher. +Note that without the B<-v> option, ciphers may seem to appear twice +in a cipher list; this is when similar ciphers are available for +SSL v2 and for SSL v3/TLS v1. =item B<-ssl3> @@ -101,7 +105,8 @@ The following is a list of all permitted cipher strings and their meanings. =item B the default cipher list. This is determined at compile time and is normally -B. This must be the first cipher string specified. +B. This must be the first cipher string +specified. =item B @@ -143,7 +148,7 @@ included. the cipher suites offering no authentication. This is currently the anonymous DH algorithms. These cipher suites are vulnerable to a "man in the middle" -attack and so there use is normally discouraged. +attack and so their use is normally discouraged. =item B, B @@ -186,7 +191,7 @@ cipher suites using DH, including anonymous DH. =item B -anoymous DH cipher suites. +anonymous DH cipher suites. =item B<3DES> @@ -313,7 +318,7 @@ Note: these ciphers can also be used in SSL v3. =head1 NOTES -The non ephemeral DH modes are currently unimplimented in OpenSSL +The non-ephemeral DH modes are currently unimplemented in OpenSSL because there is no support for DH certificates. Some compiled versions of OpenSSL may not include all the ciphers @@ -336,6 +341,6 @@ Include only 3DES ciphers and then place RSA ciphers last: =head1 SEE ALSO -s_client(1), s_server(1), ssl(3) +L, L, L =cut