Commit graph

55 commits

Author SHA1 Message Date
FdaSilvaYY
77a795e4b0 Fix some typos in pod files
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1189)
2016-06-08 09:54:33 -04:00
Rich Salz
bb9ad09e8e More doc nits
Update script to look for period or POD markup in NAME section, and
fix them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-06 10:09:39 -04:00
Rich Salz
6d1e7709c6 RT4539: Add section for renamed ciphers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:55:20 -04:00
Rich Salz
05ea606a25 Doc nits cleanup, round 2
Fix some code examples, trailing whitespace
Fix TBA sections in verify, remove others.
Remove empty sections
Use Mixed Case not ALL CAPS in head2
Enhance doc-nits script.
Remove extra =cut line

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-20 20:54:00 -04:00
Rich Salz
e2f92610bc Add copyright to manpages
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-19 08:51:59 -04:00
Dr. Stephen Henson
1480b8a9ec Add -srp option to ciphers command.
RT#4224

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 22:53:39 +01:00
Kurt Roeckx
29c4cf0cd1 Update ciphers -s documentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
2016-03-09 19:10:28 +01:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Viktor Dukhovni
8c73aeb61e Update documentation of SSL METHODs and ciphers
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-23 18:14:01 -05:00
Dr. Stephen Henson
c15e95a61d update ciphers manual page
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-11 20:54:02 +00:00
Todd Short
1c37fd96d8 Add CHACHA20 alias for ciphers.
Update ciphers documentation as well (based on -04 rev of ID).

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4206, GH: #642
2016-02-10 20:13:26 +01:00
A J Mohan Rao
6755ff1128 commands help cleanup
opt_valtype 0 is same as '-' while printing cmd usage
asn1parse/ca/ciphers help cleanup

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 14:06:52 -05:00
Rich Salz
0ae9e29266 GH628: Add -help to all apps docs.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 11:17:00 -05:00
Rich Salz
baf245ec5f GH528: "cipher -v" output is confusing.
Fix the docs, and refactor some common code.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-11 18:54:49 -05:00
Viktor Dukhovni
1c735804a2 Really disable 56-bit (single-DES) ciphers
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-06 12:32:19 -05:00
Kurt Roeckx
361a119127 Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #364
2015-12-05 17:45:59 +01:00
Dr. Stephen Henson
bf24ac9b54 Update and clarify ciphers documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-14 00:06:33 +00:00
Rich Salz
a528d4f0a9 Remove SSLeay history, etc., from docs
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it.  Documentation history now starts with OpenSSL.

Remove mention of all history before OpenSSL 0.9.8, inclusive.

Remove all AUTHOR sections.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-28 17:23:51 -04:00
Matt Caswell
c84f7f4a74 Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30 19:15:06 +01:00
Rich Salz
9b86974e0c Fix L<> content in manpages
L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-21 15:11:50 -04:00
Dr. Stephen Henson
f8f5f8369d add CCM docs
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:57:32 +01:00
Rich Salz
ade44dcb16 Remove Gost94 signature algorithm.
This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 18:23:29 -04:00
Dr. Stephen Henson
69a3a9f5d9 CAMELLIA PSK ciphersuites from RFC6367
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
b2f8ab8681 Add PSK ciphersuites to docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Matt Caswell
13f8eb4730 Remove export static DH ciphersuites
Remove support for the two export grade static DH ciphersuites. These two
ciphersuites were newly added (along with a number of other static DH
ciphersuites) to 1.0.2. However the two export ones have *never* worked
since they were introduced. It seems strange in any case to be adding new
export ciphersuites, and given "logjam" it also does not seem correct to
fix them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:58:52 +01:00
Alok Menghrajani
4c583c3659 Fixes some typos in doc/apps/
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:51:43 -04:00
Rich Salz
646e8c1d6b Dead code removal: Fortezza identifiers
Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 21:00:03 -05:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Kurt Roeckx
bfc973f46c Fix spelling of EECDH
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-10 10:57:26 +01:00
Hubert Kario
750487899a Add support for Camellia HMAC-Based cipher suites from RFC6367
While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.

Tested against gnutls 3.3.5

PR#3443

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-15 23:41:20 +01:00
Hubert Kario
343e5cf194 add ECC strings to ciphers(1), point out difference between DH and ECDH
* Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
2014-06-10 20:53:07 +01:00
Dr. Stephen Henson
89e674744d Correct example. 2014-05-12 18:41:52 +01:00
Matt Caswell
c4afc40a9b Fixed CRLF in file 2014-05-10 01:19:50 +01:00
Dr. Stephen Henson
0f817d3b27 Add initial security framework docs. 2014-03-28 16:42:18 +00:00
Daniel Kahn Gillmor
0ecfd920e5 update remaining documentation to move from EDH to DHE
change documentation and comments to indicate that we prefer the
standard "DHE" naming scheme everywhere over the older "EDH"
2014-01-09 15:43:28 +00:00
Daniel Kahn Gillmor
5a21cadbeb use SSL_kDHE throughout instead of SSL_kEDH
DHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEDH should probably be deprecated at some
point, though.
2014-01-09 15:43:28 +00:00
Dr. Stephen Henson
63d103ea48 typo 2012-11-16 12:49:14 +00:00
Dr. Stephen Henson
999ffeca6c update ciphers documentation to indicate implemented fixed DH ciphersuites 2012-11-16 01:15:15 +00:00
Dr. Stephen Henson
ffa4579679 initial update of ciphers doc 2012-11-16 00:42:38 +00:00
Dr. Stephen Henson
fb552ac616 Change version from 0.9.9 to 1.0.0 in docs 2009-09-30 23:43:01 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Nils Larsch
bcb38217c4 add note about 56 bit ciphers
PR: 1461
2007-02-06 19:41:01 +00:00
Bodo Möller
75d61b33bc documentation for "HIGH" vs. "MEDIUM" was not up-to-date 2006-06-30 22:00:13 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Bodo Möller
13e4670c29 new option "openssl ciphers -V" 2005-10-01 04:08:48 +00:00
Lutz Jänicke
44fcd3ef3e Add information about AES cipher suites to ciphers manual page.
If no authentication method is mentioned in the cipher suite name (e.g.
AES128-SHA), RSA authentication is used (PR #396).
2002-12-29 21:24:50 +00:00
Bodo Möller
8be4e173e8 fix a typo and clarify 2002-07-22 09:04:36 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Bodo Möller
8acdd759b9 Clarifications. 2000-04-06 22:30:57 +00:00