From 60290a186f3d3268aa2f60c3c42b3793db09edad Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Tue, 29 Nov 2016 19:18:52 +0000
Subject: Add Copyright and license. SSLv2 and export ciphers are no longer supported, delete related text. Sync SSL_CIPHER_description(3) return values with the source code. Wording simplifications from OpenSSL. Delete empty RETURN VALUES section.
---
src/lib/libssl/man/SSL_CIPHER_get_name.3 | 166 ++++++++++++++++++-------------
1 file changed, 99 insertions(+), 67 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3
index c4661c8faf..1cd980af78 100644
--- a/src/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/src/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,7 +1,55 @@ +.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2016/11/29 19:18:52 schwarze Exp $ +.\" OpenSSL 45f55f6a Nov 30 15:35:22 2014 +0100 .\" -.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $ +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2005, 2009, 2013, 2014 The OpenSSL Project. +.\" All rights reserved. .\" -.Dd $Mdocdate: November 5 2016 $ +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. 
Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 29 2016 $ .Dt SSL_CIPHER_GET_NAME 3 .Os .Sh NAME @@ -25,11 +73,11 @@ returns a pointer to the name of .Fa cipher . If the -argument is the -.Dv NULL -pointer, a pointer to the constant value -.Qq NONE -is returned. +.Fa cipher +is +.Dv NULL , +it returns +.Qq (NONE) . .Pp .Fn SSL_CIPHER_get_bits returns the number of secret bits used for @@ -50,8 +98,6 @@ is returns a string which indicates the SSL/TLS protocol version that first defined the cipher. This is currently -.Qq SSLv2 -or .Qq TLSv1/SSLv3 . In some cases it should possibly return .Qq TLSv1.2 
@@ -89,87 +135,73 @@ is and the allocation fails, a pointer to the string .Qq Buffer too small is returned. -.Sh NOTES -The number of bits processed can be different from the secret bits. -For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits. -The algorithm does use the full 128 bits (which would be returned for -.Fa alg_bits ) , -but 88 bits are fixed. -The search space is hence only 40 bits. .Pp The string returned by .Fn SSL_CIPHER_description -in case of success consists -of cleartext information separated by one or more blanks in the following -sequence: +consists of several fields separated by whitespace: .Bl -tag -width Ds .It Aq Ar ciphername Textual representation of the cipher name. .It Aq Ar protocol version Protocol version: -.Em SSLv2 , -.Em SSLv3 , -.Em TLSv1.2 . +.Sy SSLv3 +or +.Sy TLSv1.2 . The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1. .It Kx= Ns Aq Ar key exchange Key exchange method: -.Em RSA -(for export ciphers as -.Em RSA(512) -or -.Em RSA(1024) ) , -.Em DH -(for export ciphers as -.Em DH(512) +.Sy DH , +.Sy ECDH , +.Sy GOST , or -.Em DH(1024) ) , -.Em DH/RSA , -.Em DH/DSS , -.Em Fortezza . +.Sy RSA . .It Au= Ns Aq Ar authentication Authentication method: -.Em RSA , -.Em DSS , -.Em DH , -.Em None . -.Em None +.Sy DSS , +.Sy ECDSA , +.Sy GOST01 , +.Sy RSA , +or +.Sy None . +.Sy None is the representation of anonymous ciphers. .It Enc= Ns Aq Ar symmetric encryption method Encryption method with number of secret bits: -.Em DES(40) , -.Em DES(56) , -.Em 3DES(168) , -.Em RC4(40) , -.Em RC4(56) , -.Em RC4(64) , -.Em RC4(128) , -.Em RC2(40) , -.Em RC2(56) , -.Em RC2(128) , -.Em IDEA(128) , -.Em Fortezza , -.Em None . +.Sy DES(56) , +.Sy 3DES(168) , +.Sy RC4(64) , +.Sy RC4(128) , +.Sy IDEA(128) , +.Sy AES(128) , +.Sy AES(256) , +.Sy AESCGM(128) , +.Sy AESCGM(256) , +.Sy Camellia(128) , +.Sy Camellia(256) , +.Sy ChaCha20-Poly1305 , +.Sy ChaCha20-Poly1305-Old , +.Sy GOST-28178-89-CNT , +or +.Sy None . 
.It Mac= Ns Aq Ar message authentication code Message digest: -.Em MD5 , -.Em SHA1 . -.It Aq Ar export flag -If the cipher is flagged exportable with respect to old US crypto -regulations, the word -.Dq export -is printed. +.Sy MD5 , +.Sy SHA1 , +.Sy SHA256 , +.Sy SHA384 , +.Sy AEAD , +.Sy GOST94 , +.Sy GOST89IMIT , +.Sy STREEBOG256 , +.Sy STREEBOG512 . .El -.Sh RETURN VALUES -See -.Sx DESCRIPTION .Sh EXAMPLES -Some examples for the output of +An example for the output of .Fn SSL_CIPHER_description : -.D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1" -.D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1" -.D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5" -.D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export" +.Bd -literal +ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +.Ed .Pp A complete list can be retrieved by invoking the following command: .Pp -- cgit v1.2.3-55-g6feb