diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 index 77d7c0c15470..22c8dd1bec5f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ @@ -132,14 +130,20 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SSL_CTX_SET_CIPHER_LIST 3" -.TH SSL_CTX_SET_CIPHER_LIST 3 "2022-05-03" "1.1.1o" "OpenSSL" +.IX Title "SSL_CTX_SET_CIPHER_LIST 3ossl" +.TH SSL_CTX_SET_CIPHER_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites \&\- choose list of available SSL_CIPHERs +SSL_CTX_set_cipher_list, +SSL_set_cipher_list, +SSL_CTX_set_ciphersuites, +SSL_set_ciphersuites, +OSSL_default_cipher_list, +OSSL_default_ciphersuites +\&\- choose list of available SSL_CIPHERs .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -150,12 +154,15 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ \& \& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); \& int SSL_set_ciphersuites(SSL *s, const char *str); +\& +\& const char *OSSL_default_cipher_list(void); +\& const char *OSSL_default_ciphersuites(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) for \fBctx\fR using the control string \fBstr\fR. The format of the string is described -in \fBciphers\fR\|(1). The list of ciphers is inherited by all +in \fBopenssl\-ciphers\fR\|(1). The list of ciphers is inherited by all \&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those. .PP @@ -184,13 +191,17 @@ An empty list is permissible. The default value for the this setting is: .PP \&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it configures the ciphersuites for \fBssl\fR. +.PP +\&\fBOSSL_default_cipher_list()\fR returns the default cipher string for TLSv1.2 +(and earlier) ciphers. \fBOSSL_default_ciphersuites()\fR returns the default +cipher string for TLSv1.3 ciphersuites. .SH "NOTES" .IX Header "NOTES" -The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and -\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend -on details of the library configuration (ciphers compiled in). Thus no -syntax checking takes place. Items that are not recognized, because the -corresponding ciphers are not compiled in or because they are mistyped, +The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR, \fBSSL_set_cipher_list()\fR, +\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR should be universally +usable and not depend on details of the library configuration (ciphers compiled +in). Thus no syntax checking takes place. Items that are not recognized, because +the corresponding ciphers are not compiled in or because they are mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all. .PP @@ -201,7 +212,7 @@ additional restrictions apply. All ciphers have additional requirements. \&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key. .PP -A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +An \s-1RSA\s0 cipher can only be chosen, when an \s-1RSA\s0 certificate is available. \&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters (see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP @@ -214,6 +225,10 @@ client only supports export \s-1RSA\s0 ciphers with an asymmetric key length of 512 bits and the server is not configured to use temporary \s-1RSA\s0 keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated and the handshake will fail. +.PP +\&\fBOSSL_default_cipher_list()\fR and \fBOSSL_default_ciphersuites()\fR replace +\&\s-1SSL_DEFAULT_CIPHER_LIST\s0 and \s-1TLS_DEFAULT_CIPHERSUITES,\s0 respectively. The +cipher list defines are deprecated as of 3.0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher @@ -226,12 +241,15 @@ ciphersuite list was configured, and 0 otherwise. \&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3), \&\fBSSL_CTX_use_certificate\fR\|(3), \&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fBciphers\fR\|(1) +\&\fBopenssl\-ciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOSSL_default_cipher_list()\fR and \fBOSSL_default_ciphersites()\fR are new in 3.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |