From 21d94d44246bfe2c220bc3b219443ccaedce308d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 4 Feb 2017 13:12:49 +0000
Subject: Update documentation

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
---
 doc/man1/ciphers.pod             | 8 ++++++++
 doc/man3/SSL_CIPHER_get_name.pod | 7 +++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index c1d1cb25a0..aa8ace2a03 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -670,6 +670,14 @@ Note: these ciphers can also be used in SSL v3.
  TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
  TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
 
+=head2 TLS v1.3 cipher suites
+
+ TLS_AES_128_GCM_SHA256                     TLS13-AES-128-GCM-SHA256
+ TLS_AES_256_GCM_SHA384                     TLS13-AES-256-GCM-SHA384
+ TLS_CHACHA20_POLY1305_SHA256               TLS13-CHACHA20-POLY1305-SHA256
+ TLS_AES_128_CCM_SHA256                     TLS13-AES-128-CCM-SHA256
+ TLS_AES_128_CCM_8_SHA256                   TLS13-AES-128-CCM-8-SHA256
+
 =head2 Older names used by OpenSSL
 
 The following names are accepted by older releases:
diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod
index b648e096ef..872e37d18d 100644
--- a/doc/man3/SSL_CIPHER_get_name.pod
+++ b/doc/man3/SSL_CIPHER_get_name.pod
@@ -42,7 +42,9 @@ used by B<c>. If there is no digest (e.g. for AEAD ciphersuites) then
 B<NID_undef> is returned.
 
 SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method
-used by B<c>. If there is no key exchange, then B<NID_undef> is returned. Examples (not comprehensive):
+used by B<c>. If there is no key exchange, then B<NID_undef> is returned.
+If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3
+ciphersuites) B<NID_kx_any> is returned. Examples (not comprehensive):
 
  NID_kx_rsa
  NID_kx_ecdhe
@@ -51,7 +53,8 @@ used by B<c>. If there is no key exchange, then B<NID_undef> is returned. Exampl
 
 SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method
 used by B<c>. If there is no authentication, then B<NID_undef> is returned.
-Examples (not comprehensive):
+If any appropriate authentication algorithm can be used (as in the case of
+TLS 1.3 ciphersuites) B<NID_auth_any> is returned. Examples (not comprehensive):
 
  NID_auth_rsa
  NID_auth_ecdsa
-- 
cgit v1.2.3