summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/man/SSL_CTX_set_cipher_list.334
1 files changed, 30 insertions, 4 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
index bf1cb5ed50..a41b680c23 100644
--- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,10 +1,10 @@
1.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.10 2019/12/19 20:23:25 jmc Exp $ 1.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.11 2020/04/11 14:01:59 schwarze Exp $
2.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 2.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3.\" 3.\"
4.\" This file is a derived work. 4.\" This file is a derived work.
5.\" The changes are covered by the following Copyright and license: 5.\" The changes are covered by the following Copyright and license:
6.\" 6.\"
7.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org> 7.\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
8.\" 8.\"
9.\" Permission to use, copy, modify, and distribute this software for any 9.\" Permission to use, copy, modify, and distribute this software for any
10.\" purpose with or without fee is hereby granted, provided that the above 10.\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
65.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 65.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66.\" OF THE POSSIBILITY OF SUCH DAMAGE. 66.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67.\" 67.\"
68.Dd $Mdocdate: December 19 2019 $ 68.Dd $Mdocdate: April 11 2020 $
69.Dt SSL_CTX_SET_CIPHER_LIST 3 69.Dt SSL_CTX_SET_CIPHER_LIST 3
70.Os 70.Os
71.Sh NAME 71.Sh NAME
@@ -134,6 +134,12 @@ An alias for
134.Cm ALL No :! Cm aNULL No :! Cm eNULL . 134.Cm ALL No :! Cm aNULL No :! Cm eNULL .
135.Sm on 135.Sm on
136It can only be used as the first word. 136It can only be used as the first word.
137The
138.Cm DEFAULT
139cipher list can be displayed with the
140.Xr openssl 1
141.Cm ciphers
142command.
137.It Cm @STRENGTH 143.It Cm @STRENGTH
138Sort the list by decreasing encryption strength, 144Sort the list by decreasing encryption strength,
139preserving the order of cipher suites that have the same strength. 145preserving the order of cipher suites that have the same strength.
@@ -316,9 +322,18 @@ An alias for
316.It Cm STREEBOG256 322.It Cm STREEBOG256
317Cipher suites using STREEBOG256 for message authentication. 323Cipher suites using STREEBOG256 for message authentication.
318.It Cm TLSv1 324.It Cm TLSv1
319Cipher suites usable with any TLS protocol. 325Cipher suites usable with the TLSv1.0, TLSv1.1, and TLSv1.2 protocols.
320.It Cm TLSv1.2 326.It Cm TLSv1.2
321Cipher suites for the TLSv1.2 protocol. 327Cipher suites for the TLSv1.2 protocol.
328.It Cm TLSv1.3
329Cipher suites for the TLSv1.3 protocol.
330If the
331.Fa control
332string neither contains the word
333.Cm TLSv1.3
334nor specifically includes nor excludes any TLSv1.3 cipher suites, all the
335.Cm TLSv1.3
336cipher suites are made available.
322.El 337.El
323.Pp 338.Pp
324The full words returned by the 339The full words returned by the
@@ -371,3 +386,14 @@ and
371.Fn SSL_set_cipher_list 386.Fn SSL_set_cipher_list
372first appeared in SSLeay 0.5.2 and have been available since 387first appeared in SSLeay 0.5.2 and have been available since
373.Ox 2.4 . 388.Ox 2.4 .
389.Sh CAVEATS
390In LibreSSL,
391.Fn SSL_CTX_set_cipher_list
392and
393.Fn SSL_set_cipher_list
394can be used to configure the list of available cipher suites for
395all versions of the TLS protocol, whereas in OpenSSL, they only
396control cipher suites for protocols up to TLSv1.2.
397If compatibility with OpenSSL is required, the list of
398available TLSv1.3 cipher suites can only be changed with
399.Fn SSL_set_ciphersuites .
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 08:48:55 +0000