diff options
| author | Kurt Roeckx <kurt@roeckx.be> | 2016-02-07 20:34:03 +0100 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2016-03-09 19:10:28 +0100 |
| commit | 29c4cf0cd12100cb45a6ef59fdbd435954d16d5d (patch) | |
| tree | c2a64d5bf6089a461259acabaa488af7b039651d /doc | |
| parent | Document SSL_get1_supported_ciphers (diff) | |
| download | openssl-29c4cf0cd12100cb45a6ef59fdbd435954d16d5d.tar.xz openssl-29c4cf0cd12100cb45a6ef59fdbd435954d16d5d.zip | |
Update ciphers -s documentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/apps/ciphers.pod | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 344e2188aa..9788fa31f0 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -36,9 +36,21 @@ Print a usage message. =item B<-s> -Only list supported ciphers: those consistent with the security level. This -is the actual cipher list an application will support. If this option is -not used then ciphers excluded by the security level will still be listed. +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. +This is closer to the actual cipher list an application will support. + +This program does not set up support for SRP and so SRP based ciphers will +always be excluded when using this option. +PSK ciphers are not enabled by default and it requires the B<-psk> to enable +them. +It also does not change the default list of supported signature algorithms. + +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of DH parameters. + +If this option is not used then all ciphers that match the cipherlist will be +listed. =item B<-psk> |