Allow ADH to be used but not present in the default cipher

list.

Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.

2 files changed, 15 insertions, 2 deletions

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 2ca55b0cc9..2301e28251 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -101,7 +101,8 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
 
 the default cipher list. This is determined at compile time and is normally
-B<TBA>. This must be the first cipher string specified.
+B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+specified.
 
 =item B<ALL>
 
@@ -143,7 +144,7 @@ included.
 
 the cipher suites offering no authentication. This is currently the anonymous
 DH algorithms. These cipher suites are vulnerable to a "man in the middle"
-attack and so there use is normally discouraged.
+attack and so their use is normally discouraged.
 
 =item B<kRSA>, B<RSA>
 
diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod
index b721e395a2..4e9bd6e46b 100644
--- a/doc/apps/pkcs7.pod
+++ b/doc/apps/pkcs7.pod
@@ -71,6 +71,18 @@ Output all certificates in a file:
 
  openssl pkcs7 -in file.pem -print_certs -out certs.pem
 
+=head1 NOTES
+
+The PEM PKCS#7 format uses the header and footer lines:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+For compatability with some CAs it will also accept:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
 =head1 RESTRICTIONS
 
 There is no option to print out all the fields of a PKCS#7 file.