1 files changed, 29 insertions, 31 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
index c88388fb6f..95f22b1d64 100644
--- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.14 2020/04/25 13:50:05 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.15 2020/04/25 14:03:38 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -157,17 +157,14 @@ is selected.
 Cipher suites using ephemeral DH for key exchange
 without doing any server authentication.
 Equivalent to
-.Cm kEDH Ns + Ns Cm aNULL .
+.Cm DH Ns + Ns Cm aNULL .
-.It Cm aDSS
-Cipher suites using DSS server authentication.
-LibreSSL no longer provides any such cipher suites.
 .It Cm AEAD
 Cipher suites using Authenticated Encryption with Additional Data.
 .It Cm AECDH
 Cipher suites using ephemeral ECDH for key exchange
 without doing any server authentication.
 Equivalent to
-.Cm kEECDH Ns + Ns Cm aNULL .
+.Cm ECDH Ns + Ns Cm aNULL .
 .It Cm aECDSA
 Cipher suites using ECDSA server authentication.
 .It Cm AES
@@ -216,45 +213,31 @@ Currently similar to
 except for the order of the cipher suites which are
 .Em not
 selected.
-.It Cm DES
-Cipher suites using single DES for symmetric encryption.
-LibreSSL no longer provides any such cipher suites.
 .It Cm 3DES
 Cipher suites using triple DES for symmetric encryption.
 .It Cm DH
-An alias for
+Cipher suites using ephemeral DH for key exchange.
-.Cm kEDH .
 .It Cm DHE
 Cipher suites using ephemeral DH for key exchange,
 but excluding those that don't do any server authentication.
 Similar to
-.Cm kEDH Ns :! Ns Cm aNULL
+.Cm DH Ns :! Ns Cm aNULL
 except for the order of the cipher suites which are
 .Em not
 selected.
-.It Cm DSS
-An alias for
-.Cm aDSS .
 .It Cm ECDH
-An alias for
+Cipher suites using ephemeral ECDH for key exchange.
-.Cm kEECDH .
 .It Cm ECDHE
 Cipher suites using ephemeral ECDH for key exchange,
 but excluding those that don't do any server authentication.
 Similar to
-.Cm kEECDH Ns :! Ns Cm aNULL
+.Cm ECDH Ns :! Ns Cm aNULL
 except for the order of the cipher suites which are
 .Em not
 selected.
 .It Cm ECDSA
 An alias for
 .Cm aECDSA .
-.It Cm EDH
-An alias for
-.Cm DHE .
-.It Cm EECDH
-An alias for
-.Cm ECDHE .
 .It Cm eNULL
 Cipher suites that do not use any encryption.
 Not enabled by
@@ -269,13 +252,6 @@ Cipher suites using HMAC based on GOST R 34.11-94
 for message authentication.
 .It Cm HIGH
 Cipher suites of high strength.
-.It Cm IDEA
-Cipher suites using IDEA for symmetric encryption.
-LibreSSL does not provide any such cipher suites.
-.It Cm kEDH
-Cipher suites using ephemeral DH for key exchange.
-.It Cm kEECDH
-Cipher suites using ephemeral ECDH for key exchange.
 .It Cm kGOST
 Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.
 .It Cm kRSA
@@ -329,6 +305,28 @@ The full words returned by the
 .Cm ciphers
 command can be used to select individual cipher suites.
 .Pp
+The following words do not match anything because
+LibreSSL no longer provides any such cipher suites:
+.Pp
+.Bl -tag -width Ds -compact
+.It Cm DES
+Cipher suites using single DES for symmetric encryption.
+.It Cm DSS
+Cipher suites using DSS server authentication.
+.It Cm IDEA
+Cipher suites using IDEA for symmetric encryption.
+.El
+.Pp
+The following are deprecated aliases:
+.Pp
+.Bl -column kEECDH ECDHE -compact -offset indent
+.It    avoid: Ta    use:
+.It Cm EDH    Ta Cm DHE
+.It Cm EECDH  Ta Cm ECDHE
+.It Cm kEDH   Ta Cm DH
+.It Cm kEECDH Ta Cm ECDH
+.El
+.Pp
 Unknown words are silently ignored, selecting no cipher suites.
 Failure is only flagged if the
 .Fa control

diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 index c88388fb6f..95f22b1d64 100644 --- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.14 2020/04/25 13:50:05 schwarze Exp $	1	.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.15 2020/04/25 14:03:38 schwarze Exp $
2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -157,17 +157,14 @@ is selected.
157	Cipher suites using ephemeral DH for key exchange	157	Cipher suites using ephemeral DH for key exchange
158	without doing any server authentication.	158	without doing any server authentication.
159	Equivalent to	159	Equivalent to
160	.Cm kEDH Ns + Ns Cm aNULL .	160	.Cm DH Ns + Ns Cm aNULL .
161	.It Cm aDSS
162	Cipher suites using DSS server authentication.
163	LibreSSL no longer provides any such cipher suites.
164	.It Cm AEAD	161	.It Cm AEAD
165	Cipher suites using Authenticated Encryption with Additional Data.	162	Cipher suites using Authenticated Encryption with Additional Data.
166	.It Cm AECDH	163	.It Cm AECDH
167	Cipher suites using ephemeral ECDH for key exchange	164	Cipher suites using ephemeral ECDH for key exchange
168	without doing any server authentication.	165	without doing any server authentication.
169	Equivalent to	166	Equivalent to
170	.Cm kEECDH Ns + Ns Cm aNULL .	167	.Cm ECDH Ns + Ns Cm aNULL .
171	.It Cm aECDSA	168	.It Cm aECDSA
172	Cipher suites using ECDSA server authentication.	169	Cipher suites using ECDSA server authentication.
173	.It Cm AES	170	.It Cm AES
@@ -216,45 +213,31 @@ Currently similar to
216	except for the order of the cipher suites which are	213	except for the order of the cipher suites which are
217	.Em not	214	.Em not
218	selected.	215	selected.
219	.It Cm DES
220	Cipher suites using single DES for symmetric encryption.
221	LibreSSL no longer provides any such cipher suites.
222	.It Cm 3DES	216	.It Cm 3DES
223	Cipher suites using triple DES for symmetric encryption.	217	Cipher suites using triple DES for symmetric encryption.
224	.It Cm DH	218	.It Cm DH
225	An alias for	219	Cipher suites using ephemeral DH for key exchange.
226	.Cm kEDH .
227	.It Cm DHE	220	.It Cm DHE
228	Cipher suites using ephemeral DH for key exchange,	221	Cipher suites using ephemeral DH for key exchange,
229	but excluding those that don't do any server authentication.	222	but excluding those that don't do any server authentication.
230	Similar to	223	Similar to
231	.Cm kEDH Ns :! Ns Cm aNULL	224	.Cm DH Ns :! Ns Cm aNULL
232	except for the order of the cipher suites which are	225	except for the order of the cipher suites which are
233	.Em not	226	.Em not
234	selected.	227	selected.
235	.It Cm DSS
236	An alias for
237	.Cm aDSS .
238	.It Cm ECDH	228	.It Cm ECDH
239	An alias for	229	Cipher suites using ephemeral ECDH for key exchange.
240	.Cm kEECDH .
241	.It Cm ECDHE	230	.It Cm ECDHE
242	Cipher suites using ephemeral ECDH for key exchange,	231	Cipher suites using ephemeral ECDH for key exchange,
243	but excluding those that don't do any server authentication.	232	but excluding those that don't do any server authentication.
244	Similar to	233	Similar to
245	.Cm kEECDH Ns :! Ns Cm aNULL	234	.Cm ECDH Ns :! Ns Cm aNULL
246	except for the order of the cipher suites which are	235	except for the order of the cipher suites which are
247	.Em not	236	.Em not
248	selected.	237	selected.
249	.It Cm ECDSA	238	.It Cm ECDSA
250	An alias for	239	An alias for
251	.Cm aECDSA .	240	.Cm aECDSA .
252	.It Cm EDH
253	An alias for
254	.Cm DHE .
255	.It Cm EECDH
256	An alias for
257	.Cm ECDHE .
258	.It Cm eNULL	241	.It Cm eNULL
259	Cipher suites that do not use any encryption.	242	Cipher suites that do not use any encryption.
260	Not enabled by	243	Not enabled by
@@ -269,13 +252,6 @@ Cipher suites using HMAC based on GOST R 34.11-94
269	for message authentication.	252	for message authentication.
270	.It Cm HIGH	253	.It Cm HIGH
271	Cipher suites of high strength.	254	Cipher suites of high strength.
272	.It Cm IDEA
273	Cipher suites using IDEA for symmetric encryption.
274	LibreSSL does not provide any such cipher suites.
275	.It Cm kEDH
276	Cipher suites using ephemeral DH for key exchange.
277	.It Cm kEECDH
278	Cipher suites using ephemeral ECDH for key exchange.
279	.It Cm kGOST	255	.It Cm kGOST
280	Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.	256	Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.
281	.It Cm kRSA	257	.It Cm kRSA
@@ -329,6 +305,28 @@ The full words returned by the
329	.Cm ciphers	305	.Cm ciphers
330	command can be used to select individual cipher suites.	306	command can be used to select individual cipher suites.
331	.Pp	307	.Pp
		308	The following words do not match anything because
		309	LibreSSL no longer provides any such cipher suites:
		310	.Pp
		311	.Bl -tag -width Ds -compact
		312	.It Cm DES
		313	Cipher suites using single DES for symmetric encryption.
		314	.It Cm DSS
		315	Cipher suites using DSS server authentication.
		316	.It Cm IDEA
		317	Cipher suites using IDEA for symmetric encryption.
		318	.El
		319	.Pp
		320	The following are deprecated aliases:
		321	.Pp
		322	.Bl -column kEECDH ECDHE -compact -offset indent
		323	.It avoid: Ta use:
		324	.It Cm EDH Ta Cm DHE
		325	.It Cm EECDH Ta Cm ECDHE
		326	.It Cm kEDH Ta Cm DH
		327	.It Cm kEECDH Ta Cm ECDH
		328	.El
		329	.Pp
332	Unknown words are silently ignored, selecting no cipher suites.	330	Unknown words are silently ignored, selecting no cipher suites.
333	Failure is only flagged if the	331	Failure is only flagged if the
334	.Fa control	332	.Fa control