aboutsummaryrefslogtreecommitdiff
path: root/openssl/doc/apps/ciphers.pod
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2010-03-29 17:08:02 +0000
committermarha <marha@users.sourceforge.net>2010-03-29 17:08:02 +0000
commit15272ab4ed1e6250412fccd48200ed9eae59608f (patch)
treea5996ea67966a778a16565f19dfc2e7c7f49b376 /openssl/doc/apps/ciphers.pod
parent3827301b2ea5a45ac009c3bf9f08586ff40b8506 (diff)
downloadvcxsrv-15272ab4ed1e6250412fccd48200ed9eae59608f.tar.gz
vcxsrv-15272ab4ed1e6250412fccd48200ed9eae59608f.tar.bz2
vcxsrv-15272ab4ed1e6250412fccd48200ed9eae59608f.zip
Updated to openssl 1.0.0
Diffstat (limited to 'openssl/doc/apps/ciphers.pod')
-rw-r--r--openssl/doc/apps/ciphers.pod58
1 files changed, 51 insertions, 7 deletions
diff --git a/openssl/doc/apps/ciphers.pod b/openssl/doc/apps/ciphers.pod
index 694e433ef..f44aa00a2 100644
--- a/openssl/doc/apps/ciphers.pod
+++ b/openssl/doc/apps/ciphers.pod
@@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool.
B<openssl> B<ciphers>
[B<-v>]
+[B<-V>]
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
@@ -15,7 +16,7 @@ B<openssl> B<ciphers>
=head1 DESCRIPTION
-The B<cipherlist> command converts OpenSSL cipher lists into ordered
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered
SSL cipher preference lists. It can be used as a test tool to determine
the appropriate cipherlist.
@@ -25,7 +26,7 @@ the appropriate cipherlist.
=item B<-v>
-verbose option. List ciphers with a complete description of
+Verbose option. List ciphers with a complete description of
protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
authentication, encryption and mac algorithms used along with any key size
restrictions and whether the algorithm is classed as an "export" cipher.
@@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice
in a cipher list; this is when similar ciphers are available for
SSL v2 and for SSL v3/TLS v1.
+=item B<-V>
+
+Like B<-V>, but include cipher suite codes in output (hex format).
+
=item B<-ssl3>
only include SSL v3 ciphers.
@@ -104,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings.
=item B<DEFAULT>
-the default cipher list. This is determined at compile time and is normally
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+the default cipher list. This is determined at compile time and, as of OpenSSL
+1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
specified.
=item B<COMPLEMENTOFDEFAULT>
@@ -116,7 +121,8 @@ not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
=item B<ALL>
-all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
+as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
=item B<COMPLEMENTOFALL>
@@ -245,6 +251,33 @@ cipher suites using MD5.
cipher suites using SHA1.
+=item B<aGOST>
+
+cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
+(needs an engine supporting GOST algorithms).
+
+=item B<aGOST01>
+
+cipher suites using GOST R 34.10-2001 authentication.
+
+=item B<aGOST94>
+
+cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
+standard has been expired so use GOST R 34.10-2001)
+
+=item B<kGOST>
+
+cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+
+=item B<GOST94>
+
+cipher suites, using HMAC based on GOST R 34.11-94.
+
+=item B<GOST89MAC>
+
+cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
+
+
=back
=head1 CIPHER SUITE NAMES
@@ -370,6 +403,16 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA
+=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+
+Note: these ciphers require an engine which including GOST cryptographic
+algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
+
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+
=head2 Additional Export 1024 and other cipher suites
Note: these ciphers can also be used in SSL v3.
@@ -428,7 +471,8 @@ L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
=head1 HISTORY
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
-added in version 0.9.7.
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
+for cipherlist strings were added in OpenSSL 0.9.7.
+The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
=cut