Document SSL_get1_supported_ciphers(3) and SSL_get_client_ciphers(3).

The text comes from OpenSSL, where it was still published under a free license. from schwarze
author: tb <> 2019-01-22 01:18:24 +0000
committer: tb <> 2019-01-22 01:18:24 +0000
commit: 4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c (patch)
tree: 6246d09e92ce9ccdc241490e1c342f085271da23 /src
parent: fbdf216114c12c4b5deb8b0478b2a28344479c96 (diff)
download: openbsd-4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c.tar.gz
openbsd-4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c.tar.bz2
openbsd-4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c.zip
1 files changed, 61 insertions, 7 deletions
diff --git a/src/lib/libssl/man/SSL_get_ciphers.3 b/src/lib/libssl/man/SSL_get_ciphers.3
index cbbf62b35e..07361da461 100644
--- a/src/lib/libssl/man/SSL_get_ciphers.3
+++ b/src/lib/libssl/man/SSL_get_ciphers.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
+.\" $OpenBSD: SSL_get_ciphers.3,v 1.7 2019/01/22 01:18:24 tb Exp $
 .\" full merge up to: OpenSSL c3e64028 Mar 30 11:50:14 2005 +0000
-.\" selective merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
 .\" Nick Mathewson <nickm@torproject.org>, and Kazuki Yamaguchi <k@rhe.jp>.
@@ -51,12 +51,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: January 22 2019 $
 .Dt SSL_GET_CIPHERS 3
 .Os
 .Sh NAME
 .Nm SSL_get_ciphers ,
 .Nm SSL_CTX_get_ciphers ,
+.Nm SSL_get1_supported_ciphers ,
+.Nm SSL_get_client_ciphers ,
 .Nm SSL_get_cipher_list
 .Nd get list of available SSL_CIPHERs
 .Sh SYNOPSIS
@@ -65,6 +67,10 @@
 .Fn SSL_get_ciphers "const SSL *ssl"
 .Ft STACK_OF(SSL_CIPHER) *
 .Fn SSL_CTX_get_ciphers "const SSL_CTX *ctx"
+.Ft STACK_OF(SSL_CIPHER) *
+.Fn SSL_get1_supported_ciphers "SSL *ssl"
+.Ft STACK_OF(SSL_CIPHER) *
+.Fn SSL_get_client_ciphers "const SSL *ssl"
 .Ft const char *
 .Fn SSL_get_cipher_list "const SSL *ssl" "int priority"
 .Sh DESCRIPTION
@@ -88,9 +94,49 @@ returns the stack of available
 for
 .Fa ctx .
 .Pp
-.Fn SSL_get_ciphers
+.Fn SSL_get1_supported_ciphers
+returns the stack of enabled
+.Vt SSL_CIPHER Ns s
+for
+.Fa ssl
+as it would be sent in a ClientHello, sorted by preference.
+The list depends on settings like the cipher list, the supported
+protocol versions, the security level, and the enabled signature
+algorithms.
+The list of ciphers that would be sent in a ClientHello can differ
+from the list of ciphers that would be acceptable when acting as a
+server.
+For example,
+additional ciphers may be usable by a server if there is a gap in the
+list of supported protocols, and some ciphers may not be usable by a
+server if there is not a suitable certificate configured.
+If
+.Fa ssl
+is
+.Dv NULL
+or no ciphers are available,
+.Dv NULL
+is returned.
+.Pp
+.Fn SSL_get_client_ciphers
+returns the stack of available
+.Vt SSL_CIPHER Ns s
+matching the list received from the client on
+.Fa ssl .
+If
+.Fa ssl
+is
+.Dv NULL ,
+no ciphers are available, or
+.Fa ssl
+is not operating in server mode,
+.Dv NULL
+is returned.
+.Pp
+.Fn SSL_get_ciphers ,
+.Fn SSL_CTX_get_ciphers ,
 and
-.Fn SSL_CTX_get_ciphers
+.Fn SSL_get_client_ciphers
 return pointers to internal cipher stacks, which will be freed
 later on when the
 .Vt SSL
@@ -100,9 +146,11 @@ object is freed.
 Therefore, the calling code must not free the return value itself.
 .Pp
 The details of the ciphers obtained by
-.Fn SSL_get_ciphers
+.Fn SSL_get_ciphers ,
+.Fn SSL_CTX_get_ciphers ,
+.Fn SSL_get1_supported_ciphers ,
 and
-.Fn SSL_CTX_get_ciphers
+.Fn SSL_get_client_ciphers
 can be obtained using the
 .Xr SSL_CIPHER_get_name 3
 family of functions.
@@ -146,3 +194,9 @@ Both functions have been available since
 .Fn SSL_CTX_get_ciphers
 first appeared in OpenSSL 1.1.0 and has been available since
 .Ox 6.3 .
+.Pp
+.Fn SSL_get1_supported_ciphers
+and
+.Fn SSL_get_client_ciphers
+first appeared in OpenSSL 1.1.0 and has been available since
+.Ox 6.5 .
author	tb <>	2019-01-22 01:18:24 +0000
committer	tb <>	2019-01-22 01:18:24 +0000
commit	4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c (patch)
tree	6246d09e92ce9ccdc241490e1c342f085271da23 /src
parent	fbdf216114c12c4b5deb8b0478b2a28344479c96 (diff)
download	openbsd-4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c.tar.gz openbsd-4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c.tar.bz2 openbsd-4ed49c06ac96d9c4a6e16aa7f6d37cdf1735a51c.zip

diff --git a/src/lib/libssl/man/SSL_get_ciphers.3 b/src/lib/libssl/man/SSL_get_ciphers.3 index cbbf62b35e..07361da461 100644 --- a/src/lib/libssl/man/SSL_get_ciphers.3 +++ b/src/lib/libssl/man/SSL_get_ciphers.3
@@ -1,6 +1,6 @@
1	.\" $OpenBSD: SSL_get_ciphers.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $	1	.\" $OpenBSD: SSL_get_ciphers.3,v 1.7 2019/01/22 01:18:24 tb Exp $
2	.\" full merge up to: OpenSSL c3e64028 Mar 30 11:50:14 2005 +0000	2	.\" full merge up to: OpenSSL c3e64028 Mar 30 11:50:14 2005 +0000
3	.\" selective merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	3	.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
4	.\"	4	.\"
5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,	5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
6	.\" Nick Mathewson <nickm@torproject.org>, and Kazuki Yamaguchi <k@rhe.jp>.	6	.\" Nick Mathewson <nickm@torproject.org>, and Kazuki Yamaguchi <k@rhe.jp>.
@@ -51,12 +51,14 @@
51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	51	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	52	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
53	.\"	53	.\"
54	.Dd $Mdocdate: March 27 2018 $	54	.Dd $Mdocdate: January 22 2019 $
55	.Dt SSL_GET_CIPHERS 3	55	.Dt SSL_GET_CIPHERS 3
56	.Os	56	.Os
57	.Sh NAME	57	.Sh NAME
58	.Nm SSL_get_ciphers ,	58	.Nm SSL_get_ciphers ,
59	.Nm SSL_CTX_get_ciphers ,	59	.Nm SSL_CTX_get_ciphers ,
		60	.Nm SSL_get1_supported_ciphers ,
		61	.Nm SSL_get_client_ciphers ,
60	.Nm SSL_get_cipher_list	62	.Nm SSL_get_cipher_list
61	.Nd get list of available SSL_CIPHERs	63	.Nd get list of available SSL_CIPHERs
62	.Sh SYNOPSIS	64	.Sh SYNOPSIS
@@ -65,6 +67,10 @@
65	.Fn SSL_get_ciphers "const SSL *ssl"	67	.Fn SSL_get_ciphers "const SSL *ssl"
66	.Ft STACK_OF(SSL_CIPHER) *	68	.Ft STACK_OF(SSL_CIPHER) *
67	.Fn SSL_CTX_get_ciphers "const SSL_CTX *ctx"	69	.Fn SSL_CTX_get_ciphers "const SSL_CTX *ctx"
		70	.Ft STACK_OF(SSL_CIPHER) *
		71	.Fn SSL_get1_supported_ciphers "SSL *ssl"
		72	.Ft STACK_OF(SSL_CIPHER) *
		73	.Fn SSL_get_client_ciphers "const SSL *ssl"
68	.Ft const char *	74	.Ft const char *
69	.Fn SSL_get_cipher_list "const SSL *ssl" "int priority"	75	.Fn SSL_get_cipher_list "const SSL *ssl" "int priority"
70	.Sh DESCRIPTION	76	.Sh DESCRIPTION
@@ -88,9 +94,49 @@ returns the stack of available
88	for	94	for
89	.Fa ctx .	95	.Fa ctx .
90	.Pp	96	.Pp
91	.Fn SSL_get_ciphers	97	.Fn SSL_get1_supported_ciphers
		98	returns the stack of enabled
		99	.Vt SSL_CIPHER Ns s
		100	for
		101	.Fa ssl
		102	as it would be sent in a ClientHello, sorted by preference.
		103	The list depends on settings like the cipher list, the supported
		104	protocol versions, the security level, and the enabled signature
		105	algorithms.
		106	The list of ciphers that would be sent in a ClientHello can differ
		107	from the list of ciphers that would be acceptable when acting as a
		108	server.
		109	For example,
		110	additional ciphers may be usable by a server if there is a gap in the
		111	list of supported protocols, and some ciphers may not be usable by a
		112	server if there is not a suitable certificate configured.
		113	If
		114	.Fa ssl
		115	is
		116	.Dv NULL
		117	or no ciphers are available,
		118	.Dv NULL
		119	is returned.
		120	.Pp
		121	.Fn SSL_get_client_ciphers
		122	returns the stack of available
		123	.Vt SSL_CIPHER Ns s
		124	matching the list received from the client on
		125	.Fa ssl .
		126	If
		127	.Fa ssl
		128	is
		129	.Dv NULL ,
		130	no ciphers are available, or
		131	.Fa ssl
		132	is not operating in server mode,
		133	.Dv NULL
		134	is returned.
		135	.Pp
		136	.Fn SSL_get_ciphers ,
		137	.Fn SSL_CTX_get_ciphers ,
92	and	138	and
93	.Fn SSL_CTX_get_ciphers	139	.Fn SSL_get_client_ciphers
94	return pointers to internal cipher stacks, which will be freed	140	return pointers to internal cipher stacks, which will be freed
95	later on when the	141	later on when the
96	.Vt SSL	142	.Vt SSL
@@ -100,9 +146,11 @@ object is freed.
100	Therefore, the calling code must not free the return value itself.	146	Therefore, the calling code must not free the return value itself.
101	.Pp	147	.Pp
102	The details of the ciphers obtained by	148	The details of the ciphers obtained by
103	.Fn SSL_get_ciphers	149	.Fn SSL_get_ciphers ,
		150	.Fn SSL_CTX_get_ciphers ,
		151	.Fn SSL_get1_supported_ciphers ,
104	and	152	and
105	.Fn SSL_CTX_get_ciphers	153	.Fn SSL_get_client_ciphers
106	can be obtained using the	154	can be obtained using the
107	.Xr SSL_CIPHER_get_name 3	155	.Xr SSL_CIPHER_get_name 3
108	family of functions.	156	family of functions.
@@ -146,3 +194,9 @@ Both functions have been available since
146	.Fn SSL_CTX_get_ciphers	194	.Fn SSL_CTX_get_ciphers
147	first appeared in OpenSSL 1.1.0 and has been available since	195	first appeared in OpenSSL 1.1.0 and has been available since
148	.Ox 6.3 .	196	.Ox 6.3 .
		197	.Pp
		198	.Fn SSL_get1_supported_ciphers
		199	and
		200	.Fn SSL_get_client_ciphers
		201	first appeared in OpenSSL 1.1.0 and has been available since
		202	.Ox 6.5 .