diff options
author | marha <marha@users.sourceforge.net> | 2010-03-29 17:08:02 +0000 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2010-03-29 17:08:02 +0000 |
commit | 15272ab4ed1e6250412fccd48200ed9eae59608f (patch) | |
tree | a5996ea67966a778a16565f19dfc2e7c7f49b376 /openssl/doc/apps/ciphers.pod | |
parent | 3827301b2ea5a45ac009c3bf9f08586ff40b8506 (diff) | |
download | vcxsrv-15272ab4ed1e6250412fccd48200ed9eae59608f.tar.gz vcxsrv-15272ab4ed1e6250412fccd48200ed9eae59608f.tar.bz2 vcxsrv-15272ab4ed1e6250412fccd48200ed9eae59608f.zip |
Updated to openssl 1.0.0
Diffstat (limited to 'openssl/doc/apps/ciphers.pod')
-rw-r--r-- | openssl/doc/apps/ciphers.pod | 58 |
1 files changed, 51 insertions, 7 deletions
diff --git a/openssl/doc/apps/ciphers.pod b/openssl/doc/apps/ciphers.pod index 694e433ef..f44aa00a2 100644 --- a/openssl/doc/apps/ciphers.pod +++ b/openssl/doc/apps/ciphers.pod @@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool. B<openssl> B<ciphers> [B<-v>] +[B<-V>] [B<-ssl2>] [B<-ssl3>] [B<-tls1>] @@ -15,7 +16,7 @@ B<openssl> B<ciphers> =head1 DESCRIPTION -The B<cipherlist> command converts OpenSSL cipher lists into ordered +The B<ciphers> command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist. @@ -25,7 +26,7 @@ the appropriate cipherlist. =item B<-v> -verbose option. List ciphers with a complete description of +Verbose option. List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an "export" cipher. @@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice in a cipher list; this is when similar ciphers are available for SSL v2 and for SSL v3/TLS v1. +=item B<-V> + +Like B<-V>, but include cipher suite codes in output (hex format). + =item B<-ssl3> only include SSL v3 ciphers. @@ -104,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings. =item B<DEFAULT> -the default cipher list. This is determined at compile time and is normally -B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string +the default cipher list. This is determined at compile time and, as of OpenSSL +1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string specified. =item B<COMPLEMENTOFDEFAULT> @@ -116,7 +121,8 @@ not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary). =item B<ALL> -all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled. +all cipher suites except the B<eNULL> ciphers which must be explicitly enabled; +as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default =item B<COMPLEMENTOFALL> @@ -245,6 +251,33 @@ cipher suites using MD5. cipher suites using SHA1. +=item B<aGOST> + +cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction +(needs an engine supporting GOST algorithms). + +=item B<aGOST01> + +cipher suites using GOST R 34.10-2001 authentication. + +=item B<aGOST94> + +cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94 +standard has been expired so use GOST R 34.10-2001) + +=item B<kGOST> + +cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. + +=item B<GOST94> + +cipher suites, using HMAC based on GOST R 34.11-94. + +=item B<GOST89MAC> + +cipher suites using GOST 28147-89 MAC B<instead of> HMAC. + + =back =head1 CIPHER SUITE NAMES @@ -370,6 +403,16 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA +=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0 + +Note: these ciphers require an engine which including GOST cryptographic +algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution. + + TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + =head2 Additional Export 1024 and other cipher suites Note: these ciphers can also be used in SSL v3. @@ -428,7 +471,8 @@ L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> =head1 HISTORY -The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were -added in version 0.9.7. +The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options +for cipherlist strings were added in OpenSSL 0.9.7. +The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0. =cut |