diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-19 19:55:34 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-19 19:55:34 +0000 |
commit | c6ccf055ba151c348bb0026e05a83b0135e40518 (patch) | |
tree | 6d95d1f48e0152a4dcb7dba17d6302543b94ba87 /doc/apps | |
parent | 1649d85d10173fe769e3bc5684871c687a5cfb74 (diff) |
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
Diffstat (limited to 'doc/apps')
-rw-r--r-- | doc/apps/ciphers.pod | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 21077614a7..c90484b70e 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -108,10 +108,20 @@ the default cipher list. This is determined at compile time and is normally B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string specified. +=item B<COMPLEMENTOFDEFAULT> + +the ciphers not enabled by default, currently being B<ADH>. This rule does not +cover B<eNULL>, which is not included by B<ALL> and is therefore be handled by +B<COMPLENETOFALL>. + =item B<ALL> all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled. +=item B<COMPLEMENTOFALL> + +the cipher suites not enabled by B<ALL>, currently being B<eNULL>. + =item B<HIGH> "high" encryption cipher suites. This currently means those with key lengths larger @@ -339,8 +349,22 @@ Include only 3DES ciphers and then place RSA ciphers last: openssl ciphers -v '3DES:+RSA' +Include all RC4 ciphers but leave out those without authentication: + + openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + +Include all chiphers with RSA authentication but leave out ciphers without +encryption. + + openssl ciphers -v 'RSA:!COMPLEMENTOFALL' + =head1 SEE ALSO L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> +=head1 HISTORY + +The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were +added in version 0.9.7. + =cut |