diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 index 8986aa32e29c..76881e0fe81c 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD 3" -.TH SSL_CONF_CMD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CMD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,7 +209,7 @@ will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 .Sp The \fBvalue\fR argument is a colon separated list of groups. The group can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .IP "\fB\-curves\fR" 4 @@ -223,7 +223,7 @@ servers The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which picks an appropriate curve based on client and server preferences. The curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name -(e.g \fBprime256v1\fR). Curve names are case sensitive. +(e.g. \fBprime256v1\fR). Curve names are case sensitive. .IP "\fB\-cipher\fR" 4 .IX Item "-cipher" Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be @@ -266,13 +266,16 @@ Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting .IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 .IX Item "-min_protocol, -max_protocol" Sets the minimum and maximum supported protocol. -Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, -\&\fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 -and \fBNone\fR for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0; \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 and \fBNone\fR +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both \s-1TLS\s0 and \s-1DTLS\s0 you can specify any of these +options twice, once with a bound for \s-1TLS\s0 and again with an appropriate bound +for \s-1DTLS.\s0 +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. .IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 .IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by @@ -445,7 +448,7 @@ will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 .Sp The \fBvalue\fR argument is a colon separated list of groups. The group can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .IP "\fBCurves\fR" 4 @@ -457,14 +460,22 @@ This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The value \fBNone\fR will disable the limit. +The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the +other setting a \s-1DTLS\s0 bound. +The value \fBNone\fR applies to both types of contexts and disables the limits. .IP "\fBMaxProtocol\fR" 4 .IX Item "MaxProtocol" This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The value \fBNone\fR will disable the limit. +The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the +other setting a \s-1DTLS\s0 bound. +The value \fBNone\fR applies to both types of contexts and disables the limits. .IP "\fBProtocol\fR" 4 .IX Item "Protocol" This can be used to enable or disable certain versions of the \s-1SSL, @@ -611,7 +622,7 @@ syntax errors. The value is a string without any specific structure. .IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 .IX Item "SSL_CONF_TYPE_FILE" -The value is a file name. +The value is a filename. .IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 .IX Item "SSL_CONF_TYPE_DIR" The value is a directory name. @@ -769,7 +780,7 @@ OpenSSL passing a command which didn't take an argument would return \&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy |