Clean up CIPHERS and related sections:

- Sync cipher strings with the ones that are actually implemented. - Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY sections. - Stop mentioning export cipher suites since they have already been removed. feedback from deraadt@ and jmc@ ok jmc@
author: lteo <> 2014-12-24 03:22:17 +0000
committer: lteo <> 2014-12-24 03:22:17 +0000
commit: 8941623673e953fb6836a71799136d0e0cff0d4b (patch)
tree: 054ac577b5a132423734c370e661c34e670ab24f /src
parent: 2c36c7afcc26b8f9597e5d42f79d981d48336bc4 (diff)
download: openbsd-8941623673e953fb6836a71799136d0e0cff0d4b.tar.gz
openbsd-8941623673e953fb6836a71799136d0e0cff0d4b.tar.bz2
openbsd-8941623673e953fb6836a71799136d0e0cff0d4b.zip
1 files changed, 10 insertions, 154 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index c96b5dc1dc..43227044cd 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.8 2014/12/19 03:58:02 lteo Exp $
+.\" $OpenBSD: openssl.1,v 1.9 2014/12/24 03:22:17 lteo Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: December 19 2014 $
+.Dd $Mdocdate: December 24 2014 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1444,9 +1444,7 @@ Verbose option.
 List ciphers with a complete description of protocol version
 .Pq SSLv3, which includes TLS ,
 key exchange, authentication, encryption and mac algorithms used along with
-any key size restrictions and whether the algorithm is classed as an
+any key size restrictions.
-.Em export
-cipher.
 Note that without the
 .Fl v
 option, ciphers may seem to appear twice in a cipher list;
@@ -1562,12 +1560,7 @@ encryption cipher suites, currently those using 128-bit encryption.
 .It Ar LOW
 .Qq Low
 encryption cipher suites, currently those using 64- or 56-bit encryption
-algorithms, but excluding export cipher suites.
+algorithms.
-.It Ar EXP , EXPORT
-Export encryption algorithms.
-Including 40- and 56-bit algorithms.
-.It Ar EXPORT40
-40-bit export encryption algorithms.
 .It Ar eNULL , NULL
 The
 .Qq NULL
@@ -1603,138 +1596,17 @@ Cipher suites using DES
 .Pq not triple DES .
 .It Ar RC4
 Cipher suites using RC4.
-.It Ar RC2
+.It Ar CAMELLIA
-Cipher suites using RC2.
+Cipher suites using Camellia.
+.It Ar CHACHA20
+Cipher suites using ChaCha20.
+.It Ar IDEA
+Cipher suites using IDEA.
 .It Ar MD5
 Cipher suites using MD5.
 .It Ar SHA1 , SHA
 Cipher suites using SHA1.
 .El
-.Sh CIPHERS SUITE NAMES
-The following lists give the SSL or TLS cipher suites names from the
-relevant specification and their
-.Nm OpenSSL
-equivalents.
-It should be noted that several cipher suite names do not include the
-authentication used, e.g. DES-CBC3-SHA.
-In these cases, RSA authentication is used.
-.Ss SSL v3.0 cipher suites
-.Bd -unfilled -offset indent
-SSL_RSA_WITH_NULL_MD5                   NULL-MD5
-SSL_RSA_WITH_NULL_SHA                   NULL-SHA
-SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
-SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
-SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
-SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
-SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
-SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
-SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
-SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
-SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
-SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
-SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
-SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
-SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
-SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
-SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
-SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
-SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
-SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
-SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
-SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
-SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
-SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
-SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
-SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
-SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
-SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
-.Ed
-.Ss TLS v1.0 cipher suites
-.Bd -unfilled -offset indent
-TLS_RSA_WITH_NULL_MD5                   NULL-MD5
-TLS_RSA_WITH_NULL_SHA                   NULL-SHA
-TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
-TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
-TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
-TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
-TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
-TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
-TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
-TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
-TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
-TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
-TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
-TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
-TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
-TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
-TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
-TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
-TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
-TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
-TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
-TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
-TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
-TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-.Ed
-.Ss AES ciphersuites from RFC 3268, extending TLS v1.0
-.Bd -unfilled -offset indent
-TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
-TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
-TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
-TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
-TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
-TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.
-TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
-TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
-TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
-TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
-TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
-TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
-.Ed
-.Ss GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
-.Sy Note :
-These ciphers require an engine which includes GOST cryptographic
-algorithms, such as the
-.Dq ccgost
-engine, included in the OpenSSL distribution.
-.Bd -unfilled -offset indent
-TLS_GOSTR341094_WITH_28147_CNT_IMIT     GOST94-GOST89-GOST89
-TLS_GOSTR341001_WITH_28147_CNT_IMIT     GOST2001-GOST89-GOST89
-TLS_GOSTR341094_WITH_NULL_GOSTR3411     GOST94-NULL-GOST94
-TLS_GOSTR341001_WITH_NULL_GOSTR3411     GOST2001-NULL-GOST94
-.Ed
-.Ss Additional Export 1024 and other cipher suites
-.Sy Note :
-These ciphers can also be used in SSL v3.
-.Bd -unfilled -offset indent
-TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
-TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
-TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
-TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
-.Ed
-.Sh CIPHERS NOTES
-The non-ephemeral DH modes are currently unimplemented in
-.Nm OpenSSL
-because there is no support for DH certificates.
-.Pp
-Some compiled versions of
-.Nm OpenSSL
-may not include all the ciphers
-listed here because some ciphers were excluded at compile time.
 .Sh CIPHERS EXAMPLES
 Verbose listing of all
 .Nm OpenSSL
@@ -1759,22 +1631,6 @@ Include all ciphers with RSA authentication but leave out ciphers without
 encryption:
 .Pp
 .Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
-.Sh CIPHERS HISTORY
-The
-.Ar COMPLEMENTOFALL
-and
-.Ar COMPLEMENTOFDEFAULT
-selection options were added in
-.Nm OpenSSL
-0.9.7.
-.Pp
-The
-.Fl V
-option of the
-.Nm ciphers
-command was added in
-.Nm OpenSSL
-1.0.0.
 .\"
 .\" CRL
 .\"
author	lteo <>	2014-12-24 03:22:17 +0000
committer	lteo <>	2014-12-24 03:22:17 +0000
commit	8941623673e953fb6836a71799136d0e0cff0d4b (patch)
tree	054ac577b5a132423734c370e661c34e670ab24f /src
parent	2c36c7afcc26b8f9597e5d42f79d981d48336bc4 (diff)
download	openbsd-8941623673e953fb6836a71799136d0e0cff0d4b.tar.gz openbsd-8941623673e953fb6836a71799136d0e0cff0d4b.tar.bz2 openbsd-8941623673e953fb6836a71799136d0e0cff0d4b.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index c96b5dc1dc..43227044cd 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.8 2014/12/19 03:58:02 lteo Exp $	1	.\" $OpenBSD: openssl.1,v 1.9 2014/12/24 03:22:17 lteo Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: December 19 2014 $	115	.Dd $Mdocdate: December 24 2014 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -1444,9 +1444,7 @@ Verbose option.
1444	List ciphers with a complete description of protocol version	1444	List ciphers with a complete description of protocol version
1445	.Pq SSLv3, which includes TLS ,	1445	.Pq SSLv3, which includes TLS ,
1446	key exchange, authentication, encryption and mac algorithms used along with	1446	key exchange, authentication, encryption and mac algorithms used along with
1447	any key size restrictions and whether the algorithm is classed as an	1447	any key size restrictions.
1448	.Em export
1449	cipher.
1450	Note that without the	1448	Note that without the
1451	.Fl v	1449	.Fl v
1452	option, ciphers may seem to appear twice in a cipher list;	1450	option, ciphers may seem to appear twice in a cipher list;
@@ -1562,12 +1560,7 @@ encryption cipher suites, currently those using 128-bit encryption.
1562	.It Ar LOW	1560	.It Ar LOW
1563	.Qq Low	1561	.Qq Low
1564	encryption cipher suites, currently those using 64- or 56-bit encryption	1562	encryption cipher suites, currently those using 64- or 56-bit encryption
1565	algorithms, but excluding export cipher suites.	1563	algorithms.
1566	.It Ar EXP , EXPORT
1567	Export encryption algorithms.
1568	Including 40- and 56-bit algorithms.
1569	.It Ar EXPORT40
1570	40-bit export encryption algorithms.
1571	.It Ar eNULL , NULL	1564	.It Ar eNULL , NULL
1572	The	1565	The
1573	.Qq NULL	1566	.Qq NULL
@@ -1603,138 +1596,17 @@ Cipher suites using DES
1603	.Pq not triple DES .	1596	.Pq not triple DES .
1604	.It Ar RC4	1597	.It Ar RC4
1605	Cipher suites using RC4.	1598	Cipher suites using RC4.
1606	.It Ar RC2	1599	.It Ar CAMELLIA
1607	Cipher suites using RC2.	1600	Cipher suites using Camellia.
		1601	.It Ar CHACHA20
		1602	Cipher suites using ChaCha20.
		1603	.It Ar IDEA
		1604	Cipher suites using IDEA.
1608	.It Ar MD5	1605	.It Ar MD5
1609	Cipher suites using MD5.	1606	Cipher suites using MD5.
1610	.It Ar SHA1 , SHA	1607	.It Ar SHA1 , SHA
1611	Cipher suites using SHA1.	1608	Cipher suites using SHA1.
1612	.El	1609	.El
1613	.Sh CIPHERS SUITE NAMES
1614	The following lists give the SSL or TLS cipher suites names from the
1615	relevant specification and their
1616	.Nm OpenSSL
1617	equivalents.
1618	It should be noted that several cipher suite names do not include the
1619	authentication used, e.g. DES-CBC3-SHA.
1620	In these cases, RSA authentication is used.
1621	.Ss SSL v3.0 cipher suites
1622	.Bd -unfilled -offset indent
1623	SSL_RSA_WITH_NULL_MD5 NULL-MD5
1624	SSL_RSA_WITH_NULL_SHA NULL-SHA
1625	SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
1626	SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
1627	SSL_RSA_WITH_RC4_128_SHA RC4-SHA
1628	SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
1629	SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
1630	SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
1631	SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
1632	SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
1633
1634	SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
1635	SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
1636	SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
1637	SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
1638	SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
1639	SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
1640	SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
1641	SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
1642	SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
1643	SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
1644	SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
1645	SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
1646
1647	SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
1648	SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
1649	SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
1650	SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
1651	SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
1652
1653	SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
1654	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
1655	SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
1656	.Ed
1657	.Ss TLS v1.0 cipher suites
1658	.Bd -unfilled -offset indent
1659	TLS_RSA_WITH_NULL_MD5 NULL-MD5
1660	TLS_RSA_WITH_NULL_SHA NULL-SHA
1661	TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
1662	TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
1663	TLS_RSA_WITH_RC4_128_SHA RC4-SHA
1664	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
1665	TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
1666	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
1667	TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
1668	TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
1669
1670	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
1671	TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
1672	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
1673	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
1674	TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
1675	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
1676	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
1677	TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
1678	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
1679	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
1680	TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
1681	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
1682
1683	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
1684	TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
1685	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
1686	TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
1687	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
1688	.Ed
1689	.Ss AES ciphersuites from RFC 3268, extending TLS v1.0
1690	.Bd -unfilled -offset indent
1691	TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
1692	TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
1693
1694	TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented.
1695	TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented.
1696	TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented.
1697	TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented.
1698
1699	TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
1700	TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
1701	TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
1702	TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
1703
1704	TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
1705	TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
1706	.Ed
1707	.Ss GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
1708	.Sy Note :
1709	These ciphers require an engine which includes GOST cryptographic
1710	algorithms, such as the
1711	.Dq ccgost
1712	engine, included in the OpenSSL distribution.
1713	.Bd -unfilled -offset indent
1714	TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
1715	TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
1716	TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
1717	TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
1718	.Ed
1719	.Ss Additional Export 1024 and other cipher suites
1720	.Sy Note :
1721	These ciphers can also be used in SSL v3.
1722	.Bd -unfilled -offset indent
1723	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
1724	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
1725	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
1726	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
1727	TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
1728	.Ed
1729	.Sh CIPHERS NOTES
1730	The non-ephemeral DH modes are currently unimplemented in
1731	.Nm OpenSSL
1732	because there is no support for DH certificates.
1733	.Pp
1734	Some compiled versions of
1735	.Nm OpenSSL
1736	may not include all the ciphers
1737	listed here because some ciphers were excluded at compile time.
1738	.Sh CIPHERS EXAMPLES	1610	.Sh CIPHERS EXAMPLES
1739	Verbose listing of all	1611	Verbose listing of all
1740	.Nm OpenSSL	1612	.Nm OpenSSL
@@ -1759,22 +1631,6 @@ Include all ciphers with RSA authentication but leave out ciphers without
1759	encryption:	1631	encryption:
1760	.Pp	1632	.Pp
1761	.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'	1633	.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
1762	.Sh CIPHERS HISTORY
1763	The
1764	.Ar COMPLEMENTOFALL
1765	and
1766	.Ar COMPLEMENTOFDEFAULT
1767	selection options were added in
1768	.Nm OpenSSL
1769	0.9.7.
1770	.Pp
1771	The
1772	.Fl V
1773	option of the
1774	.Nm ciphers
1775	command was added in
1776	.Nm OpenSSL
1777	1.0.0.
1778	.\"	1634	.\"
1779	.\" CRL	1635	.\" CRL
1780	.\"	1636	.\"