X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman1%2Fciphers.pod;h=e29c5d7ced9369d93f2b695a1dde37b23524248e;hp=9616e8ed41755f240d47e9d0c65d82293ec7cd9e;hb=fc5ecaddd0c2aa76dfc8b9c4a7b3686cf2a3a292;hpb=b0edda11cbfe91e8b99b09909a80a810d0143891 diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index 9616e8ed41..e29c5d7ced 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -73,30 +73,12 @@ L. Like B<-v>, but include the official cipher suite values in hex. -=item B<-tls1_3> +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.3 were negotiated. - -=item B<-tls1_2> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.2 were negotiated. - -=item B<-ssl3> - -In combination with the B<-s> option, list the ciphers which would be used if -SSLv3 were negotiated. - -=item B<-tls1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1 were negotiated. - -=item B<-tls1_1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.1 were negotiated. +In combination with the B<-s> option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-stdname> @@ -113,7 +95,7 @@ TLSv1.2 and below ciphersuites that have been configured. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By default this value is: -"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" + TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 =item B 
@@ -168,19 +150,20 @@ The cipher string B<@SECLEVEL=n> can be used at any point to set the security level to B, which should be a number between zero and five, inclusive. See L for a description of what each level means. +The cipher list can be prefixed with the B keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using B<+> character. +For example, B is not valid. + +The content of the default list is determined at compile time and normally +corresponds to B. + =head1 CIPHER STRINGS The following is a list of all permitted cipher strings and their meanings. =over 4 -=item B - -The default cipher list. -This is determined at compile time and is normally -B. -When used, this must be the first cipherstring specified. - =item B The ciphers included in B, but not enabled by default. Currently @@ -779,13 +762,13 @@ The B<-V> option for the B command was added in OpenSSL 1.0.0. The B<-stdname> is only available if OpenSSL is built with tracing enabled (B argument to Configure) before OpenSSL 1.1.1. -The B<-convert> was added in OpenSSL 1.1.1. +The B<-convert> option was added in OpenSSL 1.1.1. =head1 COPYRIGHT Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.
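Review bot: In the hunk at -73,30 (the merged B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> item), the sentence "Note that not all protocols and flags may be available" is ambiguous, since it can be read as "none of them may be available". Suggest "Some of these protocols, and the corresponding flags, may be unavailable depending on how OpenSSL was built." The merged text also no longer says which protocol each flag selects, which the removed items did by naming TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 and SSLv3; consider keeping that mapping in one sentence so a reader does not have to infer it from the flag spelling.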
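Review bot: In the hunk at -168,19, the new paragraph added before =head1 CIPHER STRINGS drops the constraint that the removed item stated outright: "When used, this must be the first cipherstring specified." The phrase "can be prefixed with" implies the position but does not tell the reader what to expect when the keyword appears later in the list, so the explicit sentence is worth carrying over. Two wording points in the same paragraph: "using B<+> character" is missing an article ("using the B<+> character"), and "as defined below" now points at the very next paragraph rather than at an entry in the list, because the list entry is removed; merging the two added paragraphs or saying "as described in the next paragraph" would read more clearly.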
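Review bot: In the hunk at -779,13, the unchanged context line "The B<-stdname> is only available if OpenSSL is built with tracing enabled" has the same missing noun that this hunk fixes for B<-convert>. Change it to "The B<-stdname> option is only available ..." in the same pass so the HISTORY entries are consistent. That sentence would also read better with the version qualifier moved forward, for example "Before OpenSSL 1.1.1, the B<-stdname> option is only available if ...".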