From c041f863310ba8ab2a1bce7605887f1deff68a38 Mon Sep 17 00:00:00 2001 From: beck <> Date: Fri, 11 Sep 2015 09:02:10 +0000 Subject: specify what is permitted as an argument to tls_config_set_ciphers() --- src/lib/libtls/tls_init.3 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3 index b6e9e5d276..6197817f6f 100644 --- a/src/lib/libtls/tls_init.3 +++ b/src/lib/libtls/tls_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_init.3,v 1.36 2015/09/11 07:09:05 jmc Exp $ +.\" $OpenBSD: tls_init.3,v 1.37 2015/09/11 09:02:10 beck Exp $ .\" .\" Copyright (c) 2014 Ted Unangst .\" @@ -281,6 +281,16 @@ sets the public certificate directly from memory. .It .Fn tls_config_set_ciphers sets the list of ciphers that may be used. +Lists of ciphers are specified by name, and the +permitted names are: +.Pp +.Bl -tag -width "default" -offset indent -compact +.It Dv "secure" +.It Dv "default" (an alias for secure) +.It Dv "legacy" +.It Dv "compat" (an alias for legacy) +.El +.Pp .Em (Client and server) .It .Fn tls_config_set_key_file -- cgit v1.2.3-55-g6feb