aboutsummaryrefslogtreecommitdiff
path: root/secure/usr.bin/openssl/man/openssl.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/openssl.1')
-rw-r--r--secure/usr.bin/openssl/man/openssl.148
1 files changed, 26 insertions, 22 deletions
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index 2e14d64a46b0..ed1b76a592dd 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,5 +1,5 @@
.\" -*- mode: troff; coding: utf-8 -*-
-.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -52,10 +52,13 @@
. \}
.\}
.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
.\" ========================================================================
.\"
.IX Title "OPENSSL 1ossl"
-.TH OPENSSL 1ossl 2025-09-30 3.5.4 OpenSSL
+.TH OPENSSL 1ossl 2026-04-07 3.5.6 OpenSSL
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -79,7 +82,7 @@ and Transport Layer Security (TLS) network protocols and related
cryptography standards required by them.
.PP
The \fBopenssl\fR program is a command line program for using the various
-cryptography functions of OpenSSL's \fBcrypto\fR library from the shell.
+cryptography functions of OpenSSL\*(Aqs \fBcrypto\fR library from the shell.
It can be used for
.PP
.Vb 8
@@ -111,7 +114,7 @@ nothing is printed to \fBstderr\fR. Additional command line arguments
are always ignored. Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fIXXX\fR is
-not able to detect pseudo-commands such as \fBquit\fR,
+not able to detect pseudo\-commands such as \fBquit\fR,
\&\fBlist\fR, or \fBno\-\fR\fIXXX\fR itself.)
.SS "Configuration Option"
.IX Subsection "Configuration Option"
@@ -152,7 +155,7 @@ Message Digest calculation. MAC calculations are superseded by
\&\fBopenssl\-mac\fR\|(1).
.IP \fBdhparam\fR 4
.IX Item "dhparam"
-Generation and Management of Diffie-Hellman Parameters. Superseded by
+Generation and Management of Diffie\-Hellman Parameters. Superseded by
\&\fBopenssl\-genpkey\fR\|(1) and \fBopenssl\-pkeyparam\fR\|(1).
.IP \fBdsa\fR 4
.IX Item "dsa"
@@ -191,7 +194,7 @@ Generation of Private Key or Parameters.
Generation of RSA Private Key. Superseded by \fBopenssl\-genpkey\fR\|(1).
.IP \fBhelp\fR 4
.IX Item "help"
-Display information about a command's options.
+Display information about a command\*(Aqs options.
.IP \fBinfo\fR 4
.IX Item "info"
Display diverse information built into the OpenSSL libraries.
@@ -236,7 +239,7 @@ Public key algorithm cryptographic operation command.
Compute prime numbers.
.IP \fBrand\fR 4
.IX Item "rand"
-Generate pseudo-random bytes.
+Generate pseudo\-random bytes.
.IP \fBrehash\fR 4
.IX Item "rehash"
Create symbolic links to certificate and CRL files named by the hash values.
@@ -253,13 +256,13 @@ by \fBopenssl\-pkeyutl\fR\|(1).
.IP \fBs_client\fR 4
.IX Item "s_client"
This implements a generic SSL/TLS client which can establish a transparent
-connection to a remote server speaking SSL/TLS. It's intended for testing
+connection to a remote server speaking SSL/TLS. It\*(Aqs intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
.IP \fBs_server\fR 4
.IX Item "s_server"
This implements a generic SSL/TLS server which accepts connections from remote
-clients speaking SSL/TLS. It's intended for testing purposes only and provides
+clients speaking SSL/TLS. It\*(Aqs intended for testing purposes only and provides
only rudimentary interface functionality but internally uses mostly all
functionality of the OpenSSL \fBssl\fR library. It provides both an own command
line oriented protocol for testing SSL functions and a simple HTTP response
@@ -397,7 +400,7 @@ Aria\-256 Cipher
.IP \fBbase64\fR 4
.IX Item "base64"
Base64 Encoding
-.IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4
+.IP "\fBbf\fR, \fBbf\-cbc\fR, \fBbf\-cfb\fR, \fBbf\-ecb\fR, \fBbf\-ofb\fR" 4
.IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb"
Blowfish Cipher
.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4
@@ -409,7 +412,7 @@ Camellia\-192 Cipher
.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4
.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb"
Camellia\-256 Cipher
-.IP "\fBcast\fR, \fBcast-cbc\fR" 4
+.IP "\fBcast\fR, \fBcast\-cbc\fR" 4
.IX Item "cast, cast-cbc"
CAST Cipher
.IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4
@@ -418,13 +421,13 @@ CAST5 Cipher
.IP \fBchacha20\fR 4
.IX Item "chacha20"
Chacha20 Cipher
-.IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4
+.IP "\fBdes\fR, \fBdes\-cbc\fR, \fBdes\-cfb\fR, \fBdes\-ecb\fR, \fBdes\-ede\fR, \fBdes\-ede\-cbc\fR, \fBdes\-ede\-cfb\fR, \fBdes\-ede\-ofb\fR, \fBdes\-ofb\fR" 4
.IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb"
DES Cipher
.IP "\fBdes3\fR, \fBdesx\fR, \fBdes\-ede3\fR, \fBdes\-ede3\-cbc\fR, \fBdes\-ede3\-cfb\fR, \fBdes\-ede3\-ofb\fR" 4
.IX Item "des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb"
-Triple-DES Cipher
-.IP "\fBidea\fR, \fBidea-cbc\fR, \fBidea-cfb\fR, \fBidea-ecb\fR, \fBidea-ofb\fR" 4
+Triple\-DES Cipher
+.IP "\fBidea\fR, \fBidea\-cbc\fR, \fBidea\-cfb\fR, \fBidea\-ecb\fR, \fBidea\-ofb\fR" 4
.IX Item "idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb"
IDEA Cipher
.IP "\fBrc2\fR, \fBrc2\-cbc\fR, \fBrc2\-cfb\fR, \fBrc2\-ecb\fR, \fBrc2\-ofb\fR" 4
@@ -436,7 +439,7 @@ RC4 Cipher
.IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4
.IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb"
RC5 Cipher
-.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4
+.IP "\fBseed\fR, \fBseed\-cbc\fR, \fBseed\-cfb\fR, \fBseed\-ecb\fR, \fBseed\-ofb\fR" 4
.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb"
SEED Cipher
.IP "\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4
@@ -482,7 +485,7 @@ See the \fBopenssl\-passphrase\-options\fR\|(1) manual page.
.SS "Random State Options"
.IX Subsection "Random State Options"
Prior to OpenSSL 1.1.1, it was common for applications to store information
-about the state of the random-number generator in a file that was loaded
+about the state of the random\-number generator in a file that was loaded
at startup and rewritten upon exit. On modern operating systems, this is
generally no longer necessary as OpenSSL will seed itself from a trusted
entropy source provided by the operating system. These flags are still
@@ -494,8 +497,8 @@ every use of \fB\-rand\fR should be paired with \fB\-writerand\fR.
.IX Item "-rand files"
A file or files containing random data used to seed the random number
generator.
-Multiple files can be specified separated by an OS-dependent character.
-The separator is \f(CW\*(C`;\*(C'\fR for MS-Windows, \f(CW\*(C`,\*(C'\fR for OpenVMS, and \f(CW\*(C`:\*(C'\fR for
+Multiple files can be specified separated by an OS\-dependent character.
+The separator is \f(CW\*(C`;\*(C'\fR for MS\-Windows, \f(CW\*(C`,\*(C'\fR for OpenVMS, and \f(CW\*(C`:\*(C'\fR for
all others. Another way to specify multiple files is to repeat this flag
with different filenames.
.IP "\fB\-writerand\fR \fIfile\fR" 4
@@ -540,7 +543,7 @@ respectively.
.IX Item "-engine id"
Load the engine identified by \fIid\fR and use all the methods it implements
(algorithms, key storage, etc.), unless specified otherwise in the
-command-specific documentation or it is configured to do so, as described in
+command\-specific documentation or it is configured to do so, as described in
"Engine Configuration" in \fBconfig\fR\|(5).
.Sp
The engine will be used for key ids specified with \fB\-key\fR and similar
@@ -562,10 +565,10 @@ form:
.Ve
.PP
Where \f(CW\*(C`{engineid}\*(C'\fR is the identity/name of the engine, and \f(CW\*(C`{keyid}\*(C'\fR is a
-key identifier that's acceptable by that engine. For example, when using an
+key identifier that\*(Aqs acceptable by that engine. For example, when using an
engine that interfaces against a PKCS#11 implementation, the generic key URI
would be something like this (this happens to be an example for the PKCS#11
-engine that's part of OpenSC):
+engine that\*(Aqs part of OpenSC):
.PP
.Vb 1
\& \-key org.openssl.engine:pkcs11:label_some\-private\-key
@@ -629,7 +632,8 @@ For information about specific commands, see \fBopenssl\-engine\fR\|(1),
\&\fBopenssl\-rehash\fR\|(1), and \fBtsget\fR\|(1).
.PP
For information about querying or specifying CPU architecture flags, see
-\&\fBOPENSSL_ia32cap\fR\|(3), \fBOPENSSL_s390xcap\fR\|(3) and \fBOPENSSL_riscvcap\fR\|(3).
+\&\fBOPENSSL_ia32cap\fR\|(3), \fBOPENSSL_ppccap\fR\|(3), \fBOPENSSL_s390xcap\fR\|(3),
+and \fBOPENSSL_riscvcap\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBopenssl\-asn1parse\fR\|(1),
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-26 02:57:11 +0000