Diffstat (limited to 'doc')
39 files changed, 748 insertions, 439 deletions
diff --git a/doc/build.info b/doc/build.info index bb1f00f49b76..eb4492ba9c75 100644 --- a/doc/build.info +++ b/doc/build.info @@ -2903,6 +2903,10 @@ DEPEND[html/man3/UI_new.html]=man3/UI_new.pod GENERATE[html/man3/UI_new.html]=man3/UI_new.pod DEPEND[man/man3/UI_new.3]=man3/UI_new.pod GENERATE[man/man3/UI_new.3]=man3/UI_new.pod +DEPEND[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod +GENERATE[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod +DEPEND[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod +GENERATE[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod DEPEND[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod GENERATE[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod DEPEND[man/man3/X509V3_get_d2i.3]=man3/X509V3_get_d2i.pod @@ -3787,6 +3791,7 @@ html/man3/UI_STRING.html \ html/man3/UI_UTIL_read_pw.html \ html/man3/UI_create_method.html \ html/man3/UI_new.html \ +html/man3/X509V3_EXT_print.html \ html/man3/X509V3_get_d2i.html \ html/man3/X509V3_set_ctx.html \ html/man3/X509_ACERT_add1_attr.html \ @@ -4463,6 +4468,7 @@ man/man3/UI_STRING.3 \ man/man3/UI_UTIL_read_pw.3 \ man/man3/UI_create_method.3 \ man/man3/UI_new.3 \ +man/man3/X509V3_EXT_print.3 \ man/man3/X509V3_get_d2i.3 \ man/man3/X509V3_set_ctx.3 \ man/man3/X509_ACERT_add1_attr.3 \ diff --git a/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod b/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod index 16bd7f205c2d..6c78c3a447af 100644 --- a/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod +++ b/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod @@ -80,7 +80,7 @@ This example is of a function that computes the size of a record that has a four byte element count which is followed by that many elements. It returns zero on overflow. - OSSL_SAFE_MATH_UNSIGNED(sizet, size_t, SIZE_MAX) + OSSL_SAFE_MATH_UNSIGNED(sizet, size_t) size_t compute_record_size(uint32_t n) { 
@@ -99,7 +99,7 @@ The functions described here were all added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod index 2a6a9fccb04c..4643be69b77b 100644 --- a/doc/internal/man3/ossl_cmp_msg_check_update.pod +++ b/doc/internal/man3/ossl_cmp_msg_check_update.pod @@ -51,6 +51,7 @@ The callback is passed also the arguments B<ctx>, B<msg>, and <cb_arg> The callback should return 1 on acceptance, 0 on rejection, or -1 on error. It should not put an error on the error stack since this could be misleading. +Unless the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> is set in the B<ctx>, ossl_cmp_msg_check_update() adds all extraCerts contained in the <msg> to the list of untrusted certificates in B<ctx> such that they are already usable for OSSL_CMP_validate_msg(), which is called internally, and for future use. @@ -58,7 +59,7 @@ Thus they are available also to the certificate confirmation callback, and the peer does not need to send them again (at least not in the same transaction). Note that it does not help validating the message before storing the extraCerts because they are not part of the protected portion of the message anyway. -For efficiency, the extraCerts are prepended to the list so they get used first. +For efficiency, the extraCerts being cached are prepended to the list so they get used first. If all checks pass then ossl_cmp_msg_check_update() records in B<ctx> the senderNonce of the received message as the new recipNonce 
@@ -85,7 +86,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man7/deprecation.pod b/doc/internal/man7/deprecation.pod index de34c30fa22f..4e954584f43e 100644 --- a/doc/internal/man7/deprecation.pod +++ b/doc/internal/man7/deprecation.pod @@ -2,6 +2,8 @@ =head1 NAME +OPENSSL_NO_DEPRECATED_3_5, OSSL_DEPRECATEDIN_3_5, +OPENSSL_NO_DEPRECATED_3_4, OSSL_DEPRECATEDIN_3_4, OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1, OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, @@ -131,7 +133,7 @@ L<openssl_user_macros(7)> =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index 184382ee8335..3bcbcace9a3e 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -106,7 +106,7 @@ If there is an additional argument on the command line it will be used as the list box), otherwise the name "My Certificate" is used. Delegates work to L<openssl-pkcs12(1)>. -=item B<-sign>, B<-signcert>, B<-xsign> +=item B<-sign>, B<-xsign> Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the request to be in the file F<newreq.pem>. The new certificate is written to the 
@@ -191,7 +191,7 @@ L<config(5)> =head1 COPYRIGHT -Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index 69195bcdcbd0..e1f9845cee57 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -120,16 +120,16 @@ the IANA TLS Cipher Suites Registry The actual cipher string can take several different forms. -It can consist of a single cipher suite such as B<RC4-SHA>. +It can consist of a single cipher suite such as B<AES256-SHA>. It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example B<SHA1> represents all ciphers -suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 -algorithms. +cipher suites of a certain type. For example B<SHA256> represents all cipher +suites using the digest algorithm SHA256 and B<TLSv1.2> represents all +cipher suites introduced in TLS v.1.2. Lists of cipher suites can be combined in a single cipher string using the B<+> character. This is used as a logical B<and> operation. For example -B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES +B<SHA256+AES> represents all cipher suites using the SHA256 B<and> the AES algorithms. Each cipher string can be optionally preceded by the characters B<!>, 
@@ -160,7 +160,7 @@ See L<SSL_CTX_set_security_level(3)> for a description of what each level means. The cipher list can be prefixed with the B<DEFAULT> keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using B<+> character. -For example, B<DEFAULT+DES> is not valid. +For example, B<DEFAULT+AES> is not valid. The content of the default list is determined at compile time and normally corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. @@ -173,11 +173,12 @@ The following is a list of all permitted cipher strings and their meanings. =item B<COMPLEMENTOFDEFAULT> -The ciphers included in B<ALL>, but not enabled by default. Currently -this includes all RC4 and anonymous ciphers. Note that this rule does -not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if -necessary). Note that RC4 based cipher suites are not built into OpenSSL by -default (see the enable-weak-ssl-ciphers option to Configure). +The cipher suites included in B<ALL>, but not enabled by default. The default +cipher suite list provides strong security and reasonable interoperability. +A cipher suite can be not included in the default list for different reasons: +because it is weak, or not "mature" enough, or not widely used, etc. +Note that this rule does not cover B<eNULL>, which is not included by B<ALL> +(use B<COMPLEMENTOFALL> if necessary). =item B<ALL> @@ -205,6 +206,10 @@ encryption. encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0. +=item B<FIPS> + +Cipher suites permitted in FIPS mode. + =item B<eNULL>, B<NULL> The "NULL" ciphers that is those offering no encryption. Because these offer no 
@@ -227,14 +232,8 @@ When in doubt, include B<!aNULL> in your cipherlist. =item B<kRSA>, B<aRSA>, B<RSA> -Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for -B<kRSA>. - -=item B<kDHr>, B<kDHd>, B<kDH> - -Cipher suites using static DH key agreement and DH certificates signed by CAs -with RSA and DSS keys or either respectively. -All these cipher suites have been removed in OpenSSL 1.1.0. +Cipher suites using RSA key exchange, RSA authentication, or both of them +respectively. =item B<kDHE>, B<kEDH>, B<DH> @@ -267,12 +266,6 @@ Anonymous Elliptic Curve Diffie-Hellman cipher suites. Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. -=item B<aDH> - -Cipher suites effectively using DH authentication, i.e. the certificates carry -DH keys. -All these cipher suites have been removed in OpenSSL 1.1.0. - =item B<aECDSA>, B<ECDSA> Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA @@ -280,8 +273,7 @@ keys. =item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3> -Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or -SSL v3.0 respectively. +Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available. @@ -305,10 +297,13 @@ cipher suites are only supported in TLS v1.2. B<AESCCM> references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B<AESCCM8> only references 8 octet ICV. -=item B<ARIA128>, B<ARIA256>, B<ARIA> +=item B<ARIA128>, B<ARIA256> + +Cipher suites using 128 bit ARIA or 256 bit ARIA respectively. -Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit -ARIA. +=item B<ARIA>, B<ARIAGCM> + +Cipher suites using either 128 or 256 bit ARIA. =item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA> 
@@ -358,24 +353,46 @@ Cipher suites using SHA256 or SHA384. =item B<aGOST> -Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication (needs an engine supporting GOST algorithms). =item B<aGOST01> -Cipher suites using GOST R 34.10-2001 authentication. +Cipher suites that can be uses with GOST R 34.10-2001 keys for authentication. + +=item B<aGOST12> + +Cipher suites that can be used with GOST R 34.10-2012 keys for authentication. =item B<kGOST> -Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. +Cipher suites using VKO 34.10 key exchange and key wrap specified in the +RFC 4357 or RFC 7836. + +=item B<kGOST18> + +Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and +KExp15 key export specified in the RFC 9189. =item B<GOST94> Cipher suites, using HMAC based on GOST R 34.11-94. +=item B<GOST12> + +Cipher suites, using HMAC based on GOST R 34.11-2012 256 bits. + =item B<GOST89MAC> -Cipher suites using GOST 28147-89 MAC B<instead of> HMAC. +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes A. + +=item B<GOST89MAC12> + +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes Z. + +=item B<GOST89> + +Cipher suites using any GOST cipher (GOST 28147-89, Magma or Kuznyechik). =item B<PSK> @@ -390,6 +407,14 @@ Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK. Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK). +=item B<kSRP>, B<SRP> + +Cipher suites using SRP key exchange. + +=item B<aSRP> + +Cipher suites using SRP authentication. + =item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192> Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 
@@ -424,310 +449,398 @@ It should be noted, that several cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. -=head2 SSL v3.0 cipher suites - - SSL_RSA_WITH_NULL_MD5 NULL-MD5 - SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 - SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - - SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. - -=head2 TLS v1.0 cipher suites - - TLS_RSA_WITH_NULL_MD5 NULL-MD5 - TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 - TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - -=head2 AES cipher suites from RFC3268, extending TLS v1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA - TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - - TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA - TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA - TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA - TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA - TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA - - TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA - TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA - -=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 - - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA - - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA - - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA +=head2 AES cipher suites for TLS v1.2 - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 + TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA + TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA 
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA + TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 + TLS_DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA + TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 + TLS_DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + 
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 + TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA + TLS_RSA_WITH_AES_128_CCM_8 AES128-CCM8 + TLS_RSA_WITH_AES_128_CCM AES128-CCM + TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA + TLS_RSA_WITH_AES_256_CCM_8 AES256-CCM8 + TLS_RSA_WITH_AES_256_CCM AES256-CCM + TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 -=head2 SEED cipher suites from RFC4162, extending TLS v1.0 +=head2 Camellia cipher suites for TLS v1.2 - TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 ADH-CAMELLIA128-SHA256 + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 
ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 ADH-CAMELLIA128-GCM-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 ADH-CAMELLIA256-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 ADH-CAMELLIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 DHE-DSS-CAMELLIA128-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 DHE-DSS-CAMELLIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 DHE-DSS-CAMELLIA256-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 DHE-DSS-CAMELLIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE-RSA-CAMELLIA128-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 DHE-RSA-CAMELLIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DHE-RSA-CAMELLIA256-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE-RSA-CAMELLIA256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 CAMELLIA128-SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + 
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 CAMELLIA128-GCM-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 CAMELLIA256-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 CAMELLIA256-GCM-SHA384 - TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA - TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA +=head2 SEED cipher suites for TLS v1.2 - TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA - TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA - -=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 +=head2 GOST cipher suites for TLS v1.2 Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the B<gost> engine, which isn't part of the OpenSSL distribution. - TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 - TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 - TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 - TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 - -=head2 GOST cipher suites, extending TLS v1.2 - -Note: these ciphers require an engine which including GOST cryptographic -algorithms, such as the B<gost> engine, which isn't part of the OpenSSL -distribution. - - TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912 - TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12 - -Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID -old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912 - - -=head2 Additional Export 1024 and other cipher suites - -Note: these ciphers can also be used in SSL v3. 
- - TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA - -=head2 Elliptic curve cipher suites - - TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA - - TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA - - TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA - TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA - TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA - TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA - -=head2 TLS v1.2 cipher suites - - TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 - - TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 - - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 - - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 - 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 - - TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 - TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 - TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 - TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 - - RSA_WITH_AES_128_CCM AES128-CCM - RSA_WITH_AES_256_CCM AES256-CCM - DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM - DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM - RSA_WITH_AES_128_CCM_8 AES128-CCM8 - RSA_WITH_AES_256_CCM_8 AES256-CCM8 - DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 - DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 - ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM - ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM - ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 - ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + IANA-GOST2012-GOST8912-GOST8912 + LEGACY-GOST2012-GOST8912-GOST8912 + GOST2012-NULL-GOST12 + GOST2012-KUZNYECHIK-KUZNYECHIKOMAC + GOST2012-MAGMA-MAGMAOMAC =head2 ARIA cipher suites from RFC6209, extending TLS v1.2 Note: the CBC modes mentioned in this RFC are not supported. 
- TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 - TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 - TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 - TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 - -=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 - -=head2 Pre-shared keying (PSK) cipher suites - - PSK_WITH_NULL_SHA PSK-NULL-SHA - DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA - RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA + TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 ADH-ARIA128-CBC-SHA256 + TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 ADH-ARIA128-GCM-SHA256 + TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 ADH-ARIA256-CBC-SHA384 + TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 ADH-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 
DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE-RSA-ARIA128-CBC-SHA256 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE-RSA-ARIA256-CBC-SHA384 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128-CBC-SHA256 + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256-CBC-SHA384 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 
- PSK_WITH_RC4_128_SHA PSK-RC4-SHA - PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA - PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA - PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA - - DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA - DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA - DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA - DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA - - RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA - RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA - RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA - RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA - - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 - DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 - RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 - RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 - - PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 - PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 - PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 - PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 - DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 - DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 - DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 - DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 - RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 - RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 - RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 - RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - - ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA - ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA - ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 - ECDHE_PSK_WITH_AES_256_CBC_SHA384 
ECDHE-PSK-AES256-CBC-SHA384 - ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA - ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 - ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 +=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 - PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 - PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 - DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 - DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 +=head2 Elliptic curve cipher suites for TLS v.1.2 - RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 - RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + 
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + 
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 ECDHE-ECDSA-SM4-CCM-SM3 + TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 ECDHE-ECDSA-SM4-GCM-SM3 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA + TLS_ECDHE_RSA_WITH_SM4_CCM_SM3 ECDHE-RSA-SM4-CCM-SM3 + TLS_ECDHE_RSA_WITH_SM4_GCM_SM3 ECDHE-RSA-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + 
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 - ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 - ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 +=head2 Pre-shared keying (PSK) cipher suites - PSK_WITH_AES_128_CCM PSK-AES128-CCM - PSK_WITH_AES_256_CCM PSK-AES256-CCM - DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM - DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM - PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 - PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 - DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 - DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + 
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_SM4_CCM_SM3 DHE-PSK-SM4-CCM-SM3 + TLS_DHE_PSK_WITH_SM4_GCM_SM3 DHE-PSK-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + 
TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_SM4_CCM_SM3 RSA-PSK-SM4-CCM-SM3 + TLS_RSA_PSK_WITH_SM4_GCM_SM3 RSA-PSK-SM4-GCM-SM3 -=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 +=head2 Other TLS v1.2 cipher suites - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 - TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_WITH_NULL_MD5 NULL-MD5 + TLS_RSA_WITH_NULL_SHA NULL-SHA + TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 + 
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 + TLS_RSA_WITH_RC4_128_SHA RC4-SHA + TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + TLS_RSA_WITH_SM4_CCM_SM3 SM4-CCM-SM3 + TLS_RSA_WITH_SM4_GCM_SM3 SM4-GCM-SM3 + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + TLS_DHE_RSA_WITH_SM4_CCM_SM3 DHE-RSA-SM4-CCM-SM3 + TLS_DHE_RSA_WITH_SM4_GCM_SM3 DHE-RSA-SM4-GCM-SM3 + TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA =head2 TLS v1.3 cipher suites @@ -746,12 +859,12 @@ Note: these ciphers are purely HMAC based and do not provide any confidentiality and thus are disabled by default. These ciphers are only available at security level 0. -=head2 Older names used by OpenSSL +=head2 "EDH-" aliases to "DHE-" names for backward compatibility The following names are accepted by older releases: - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA) - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA) + EDH-RSA-DES-CBC3-SHA - alias of DHE-RSA-DES-CBC3-SHA + EDH-DSS-DES-CBC3-SHA - alias of DHE-DSS-DES-CBC3-SHA =head1 NOTES @@ -774,13 +887,9 @@ authentication (aNULL): openssl ciphers -v 'ALL:!aNULL' -Include only 3DES ciphers and then place RSA ciphers last: - - openssl ciphers -v '3DES:+RSA' - -Include all RC4 ciphers but leave out those without authentication: +Include only AES ciphers and then place RSA ciphers last: - openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + openssl ciphers -v 'AES:+RSA' Include all ciphers with RSA authentication but leave out ciphers without encryption. 
@@ -814,7 +923,7 @@ The support for TLS v1.3 integrity-only cipher suites was added in OpenSSL 3.4. =head1 COPYRIGHT -Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 906143d2927d..0be66b3b7671 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -718,9 +718,15 @@ with a signature key." =item B<-no_cache_extracerts> Do not cache certificates in the extraCerts field of CMP messages received. -By default, they are kept as they may be helful for validating further messages. +By default, they are kept as they may be helpful for validating further messages. This option applies to both CMP clients and the mock server. +In any case, after successfully validating an incoming message, its protection +certificate (if any) is cached for reuse with validation of subsequent messages. +This is done not only for efficiency but also +to eliminate the need for the sender to include its certificate and related chain +in the extraCerts field of subsequent messages of the same transaction. + =item B<-srvcertout> I<filename> The file where to save the successfully validated certificate, if any, @@ -1533,7 +1539,7 @@ B<-rsp_keypass> were added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 13a436b07660..948ac8b80c77 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in 
@@ -881,7 +881,7 @@ Use SHA256 KDF with an ECDH certificate: Print CMS signed binary data in human-readable form: -openssl cms -in signed.cms -binary -inform DER -cmsout -print + openssl cms -in signed.cms -binary -inform DER -cmsout -print =head1 BUGS diff --git a/doc/man1/openssl-format-options.pod b/doc/man1/openssl-format-options.pod index a9bd1d6971e0..115aa9936f8f 100644 --- a/doc/man1/openssl-format-options.pod +++ b/doc/man1/openssl-format-options.pod @@ -75,7 +75,7 @@ A password or PIN may be supplied to the engine using the B<-passin> option. A DER-encoded file containing a PKCS#12 object. It might be necessary to provide a decryption password to retrieve -the private key. +the private key or certificate. =item B<PEM> @@ -135,7 +135,7 @@ Note that the parsing is simple and might fail to parse some legal data. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index c5fb8378e8b1..46b62952590e 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -207,7 +207,7 @@ derived shared-secret value generated in the encapsulation process. Encapsulation is supported with a number of public key algorithms, currently: L<ML-KEM|EVP_PKEY-ML-KEM(7)>, L<X25519|EVP_KEM-X25519(7)>, -L<X449|EVP_KEM-X448(7)>, +L<X448|EVP_KEM-X448(7)>, and L<EC|EVP_KEM-EC(7)>. The ECX and EC algorithms use the 
@@ -693,7 +693,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index 81a11c37f4c4..3edbe05b186f 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod @@ -142,6 +142,12 @@ equals the public key algorithm of the candidate issuer certificate. The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults the list of untrusted ("intermediate" CA) certificates, if provided. +If one issuer certificate was found in the trust store, the list of +untrusted certificates will not be consulted anymore to find further +issuer certificates. Therefore, either only the root certificate or an +uninterrupted chain to the root certificate must be provided in the trust +store for a successful verification, if B<X509_V_FLAG_PARTIAL_CHAIN> +is not enabled. =head2 Certification Path Validation @@ -732,7 +738,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index 7e51af6eac15..309d232c8c13 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in 
@@ -104,6 +104,11 @@ input. =back +Note that the first parameter that does not begin with a B<-> ends the list +of options and starts the list of certificates. If you place any options +after a certificate filename, they will be interpreted not as options +but as certificates. + =head1 DIAGNOSTICS When a verify operation fails the output messages can be somewhat cryptic. The @@ -140,7 +145,7 @@ The B<-engine option> was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod index f86aac922aa0..b6335cb73550 100644 --- a/doc/man3/ADMISSIONS.pod +++ b/doc/man3/ADMISSIONS.pod @@ -98,7 +98,7 @@ PROFESSION_INFO_set0_registrationNumber The B<PROFESSION_INFOS>, B<ADMISSION_SYNTAX>, B<ADMISSIONS>, and B<PROFESSION_INFO> types are opaque structures representing the analogous types defined in the Common PKI Specification published -by L<https://www.t7ev.org>. +by L<T7 & TELETRUST|https://www.bundesnetzagentur.de/EVD/DE/SharedDocuments/Downloads/Anbieter_Infothek/Common_PKI_v2.0_02.pdf?__blob=publicationFile&v=1>. Knowledge of those structures and their semantics is assumed. The conventional routines to convert between DER and the local format @@ -169,7 +169,7 @@ L<d2i_X509(3)>, =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_get_data.pod b/doc/man3/BIO_get_data.pod index aeb6b1c7e9ba..b2debd2bc504 100644 --- a/doc/man3/BIO_get_data.pod +++ b/doc/man3/BIO_get_data.pod 
@@ -18,7 +18,7 @@ BIO_get_shutdown - functions for managing BIO state information =head1 DESCRIPTION -These functions are mainly useful when implementing a custom BIO. +These functions can be used when implementing a custom BIO. The BIO_set_data() function associates the custom data pointed to by B<ptr> with the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). @@ -36,6 +36,13 @@ The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed. +=head1 WARNINGS + +Do not use BIO_set_data(), BIO_get_data(), BIO_set_init(), BIO_get_init(), outside +the implementation of a custom BIO. +Calling BIO_set_data() on an existing BIO implementation with data that it does +not expect will lead to unexpected results. + =head1 RETURN VALUES BIO_get_data() returns a pointer to the implementation specific custom data @@ -55,7 +62,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index 84ce3f042d1e..739c2f1b855d 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -20,7 +20,7 @@ Otherwise it prepends I<b>, which may be a single BIO or a chain of BIOs, to I<next> (unless I<next> is NULL). It then makes a control call on I<b> and returns I<b>. -BIO_pop() removes the BIO I<b> from any chain is is part of. +BIO_pop() removes the BIO I<b> from any chain it is part of. If I<b> is NULL the function does nothing and returns NULL. Otherwise it makes a control call on I<b> and returns the next BIO in the chain, or NULL if there is no next BIO. 
@@ -88,7 +88,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index f337aab353bb..e2feb443f598 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -52,7 +52,9 @@ For implementing this, unfortunately the data needs to be read byte-by-byte. BIO_write() attempts to write I<len> bytes from I<buf> to BIO I<b>. -BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>. +BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>, +without the terminating NUL byte and without appending '\n' +(so, similar to fputs(3), and not puts(3)). =head1 RETURN VALUES @@ -119,7 +121,7 @@ I<written> parameter of the function can be NULL since OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index f6b29d9daa9b..2af4ebec91f9 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -1453,6 +1453,9 @@ for failure. EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. +EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and +EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure. + =head1 CIPHER LISTING All algorithms have a fixed key length unless otherwise stated. 
@@ -1477,7 +1480,12 @@ depending on the mode specified. To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output parameter I<out> set to NULL. In this case, on success, the parameter -I<outl> is set to the number of bytes authenticated. +I<outl> is set to the number of AAD bytes processed in that call +(that is, the value of I<inl>), and does not include any plaintext +or ciphertext bytes processed by other calls. + +If no AAD is used, this call can be omitted. See the mode-specific notes +below for any exceptions. When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index bdbf596ec3a5..38f8509f9b17 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -117,8 +117,8 @@ the returned pointer. OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at B<addr> holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse() -before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is -NULL, nothing is done. +before ultimately calling OPENSSL_free(). If the argument to +OPENSSL_clear_free() is NULL, nothing is done. OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's. It is useful in cases when it is needed to ensure that memory (that contains @@ -258,7 +258,7 @@ added in OpenSSL 3.4. =head1 COPYRIGHT -Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index a966d9b17c9c..86239ee57205 100644 
--- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -356,6 +356,12 @@ Taking it over as a trust anchor implements trust-on-first-use (TOFU). Do not cache certificates received in the extraCerts CMP message field. Otherwise they are stored to potentially help validate further messages. +In any case, after successfully validating an incoming message, its protection +certificate (if any) is cached for reuse with validation of subsequent messages. +This is done not only for efficiency but also +to eliminate the need for the sender to include its certificate and related chain +in the extraCerts field of subsequent messages of the same transaction. + =back OSSL_CMP_CTX_get_option() reads the current value of the given option @@ -877,14 +883,15 @@ OSSL_CMP_CTX_set1_serialNumber(), OSSL_CMP_CTX_get0_libctx(), OSSL_CMP_CTX_get0_propq(), and OSSL_CMP_CTX_get0_validatedSrvCert() were added in OpenSSL 3.2. -OSSL_CMP_CTX_get0_geninfo_ITAVs() was added in OpenSSL 3.3. +OSSL_CMP_CTX_get0_geninfo_ITAVs() and +the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> option were added in OpenSSL 3.3. Support for central key generation, requested via B<OSSL_CRMF_POPO_NONE>, was added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_HPKE_CTX_new.pod b/doc/man3/OSSL_HPKE_CTX_new.pod index 89a6fcafe133..a7fd32122f32 100644 --- a/doc/man3/OSSL_HPKE_CTX_new.pod +++ b/doc/man3/OSSL_HPKE_CTX_new.pod 
@@ -451,12 +451,12 @@ OSSL_HPKE_get_ciphertext_size() and OSSL_HPKE_get_public_encap_size(). OSSL_HPKE_str2suite() maps input I<str> strings to an B<OSSL_HPKE_SUITE> object. The input I<str> should be a comma-separated string with a KEM, -KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes128gcm". +KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes-128-gcm". This can be used by command line tools that accept string form names for HPKE codepoints. Valid (case-insensitive) names are: "p-256", "p-384", "p-521", "x25519" and "x448" for KEM, "hkdf-sha256", "hkdf-sha384" and "hkdf-sha512" for KDF, and -"aes-gcm-128", "aes-gcm-256", "chacha20-poly1305" and "exporter" for AEAD. +"aes-128-gcm", "aes-256-gcm", "chacha20-poly1305" and "exporter" for AEAD. String variants of the numbers listed in L</OSSL_HPKE_SUITE Identifiers> can also be used. @@ -566,7 +566,7 @@ This functionality described here was added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBE_keyivgen.pod b/doc/man3/PKCS5_PBE_keyivgen.pod index f697628db13b..2b925a09e17a 100644 --- a/doc/man3/PKCS5_PBE_keyivgen.pod +++ b/doc/man3/PKCS5_PBE_keyivgen.pod 
@@ -110,6 +110,13 @@ I<iter> less than 1 is treated as a single iteration. I<digest> is the message digest function used in the derivation. +I<aiv> is the initialization vector (IV) to use for the encryption algorithm. +If I<aiv> is NULL, then a random IV will be generated. + +I<prf_nid> is the numeric identifier (NID) for the pseudo-random function to +use with PBKDF2. If I<prf_nid> is not specified (for example, I<prf_nid> is set to 0), +a default PRF is used, which is currently set to SHA-256 (NID_hmacWithSHA256). + Functions ending in _ex() take optional parameters I<libctx> and I<propq> which are used to select appropriate algorithm implementations. @@ -118,7 +125,9 @@ are used to select appropriate algorithm implementations. PKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(), PKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an B<X509_ALGOR> object which represents an AlgorithmIdentifier containing the algorithm OID and -associated parameters for the PBE algorithm. +associated parameters for the PBE algorithm. These functions encode the +key derivation parameters (such as salt and iteration count) and the +encryption parameters (such as the IV) into the ASN.1 structure. PKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an B<X509_ALGOR> object which represents an AlgorithmIdentifier containing the algorithm OID and @@ -177,7 +186,7 @@ This is required for PBKDF2 FIPS compliance. =head1 COPYRIGHT -Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod index 21cfeed27b46..490932dc854b 100644 --- a/doc/man3/RSA_set_method.pod +++ b/doc/man3/RSA_set_method.pod 
@@ -148,13 +148,7 @@ and RSA_get_method() return pointers to the respective RSA_METHODs. RSA_set_default_method() returns no value. -RSA_set_method() returns a pointer to the old RSA_METHOD implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an ENGINE, the pointer could be invalidated -at any time if the ENGINE is unloaded (in fact it could be unloaded as a -result of the RSA_set_method() function releasing its handle to the -ENGINE). For this reason, the return type may be replaced with a B<void> -declaration in a future release. +RSA_set_method() returns 1 for success. It always succeeds. RSA_new_method() returns NULL and sets an error code that can be obtained by L<ERR_get_error(3)> if the allocation fails. Otherwise @@ -185,7 +179,7 @@ was replaced to always return NULL in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 3e2de6e66be7..e78a2231dae3 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod 
@@ -176,16 +176,14 @@ respectively: $ openssl list -tls1_2 -tls-groups $ openssl list -tls1_3 -tls-groups -The recommended groups (in order of decreasing performance) for TLS 1.3 are presently: +The recommended groups for TLS 1.3 are presently documented in the default +TLS group list in the OpenSSL code base. Starting with OpenSSL 3.5, the +hybrid algorithm B<X25519MLKEM768> is first in this default list. +It mitigates against threats from future quantum computers while +still providing state-of-the-art classical key exchange protection. -B<x25519>, -B<secp256r1>, -B<x448>, -and -B<secp384r1>. - -The stronger security margins of the last two, come at a significant -performance penalty. +Further details regarding post-quantum algorithm considerations are documented +in the HISTORY section below. An enriched alternative syntax, that enables clients to send multiple keyshares and allows servers to prioritise some groups over others, is described in @@ -884,7 +882,7 @@ As of OpenSSL 3.5 key exchange group names are case-insensitive. =head1 COPYRIGHT -Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 017eefd3176a..6fedad01b4d0 100755 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod 
@@ -40,13 +40,13 @@ SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_get0_implemented_groups For all of the functions below that set the supported groups there must be at least one group in the list. A number of these functions identify groups via a -unique integer NID value. However, support for some groups may be added by -external providers. In this case there will be no NID assigned for the group. +unique integer B<NID> value. However, support for some groups may be added by +external providers. In this case there will be no B<NID> assigned for the group. When setting such groups applications should use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()). SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen> -groups in the array B<glist>. The array consist of all NIDs of supported groups. +groups in the array B<glist>. The array consist of all B<NIDs> of supported groups. The supported groups for B<TLSv1.3> include: B<NID_X9_62_prime256v1>, B<NID_secp384r1>, 
@@ -73,20 +73,27 @@ B<SSL_OP_CIPHER_SERVER_PREFERENCE> is set, the order of the elements in the array determines the selected group. Otherwise, the order is ignored and the client's order determines the selection. -For a TLS 1.3 server, the groups determine the selected group, but -selection is more complex. A TLS 1.3 client sends both a group list as well as a -predicted subset of groups. Choosing a group outside the predicted subset incurs -an extra roundtrip. However, in some situations, the most preferred group may -not be predicted. OpenSSL considers all supported groups in I<clist> to be comparable -in security and prioritizes avoiding roundtrips above either client or server -preference order. If an application uses an external provider to extend OpenSSL -with, e.g., a post-quantum algorithm, this behavior may allow a network attacker -to downgrade connections to a weaker algorithm. It is therefore recommended -to use SSL_CTX_set1_groups_list() with the ability to specify group tuples. +For a TLS 1.3 server, the groups determine the selected group, but selection is +more complex. +A TLS 1.3 client sends both a group list and predicted keyshares for a subset +of groups. +A server choosing a group outside the client's predicted subset incurs an extra +roundtrip. +However, in some situations, the most preferred group may not be predicted. + +When groups are specified via SSL_CTX_set1_groups() as a list of B<NID> +values, OpenSSL considers all supported groups in I<clist> to be comparable in +security and prioritises avoiding roundtrips above either client or server +preference order. +If an application uses an external provider to extend OpenSSL with, e.g., a +post-quantum algorithm, this behavior may allow a network attacker to downgrade +connections to a weaker algorithm. +It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making +it possible to specify group tuples as described below. 
SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to string I<list>. In contrast to SSL_CTX_set1_groups(), the names of the -groups, rather than their NIDs, are used. +groups, rather than their B<NIDs>, are used. The commands below list the available groups for TLS 1.2 and TLS 1.3, respectively: 
@@ -102,30 +109,72 @@ The preferred group names are those defined by L<IANA|https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>. The I<list> can be used to define several group tuples of comparable security -levels, and can specify which key shares should be sent by a client. -The specified list elements can optionally be ignored, if not implemented +levels, and can specify which predicted key shares should be sent by a client. +Group tuples are used by OpenSSL TLS servers to decide whether to request a +stronger keyshare than those predicted by sending a Hello Retry Request +(B<HRR>) even if some of the predicted groups are supported. +OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall +order of I<list> elements and which groups are selected as predicted keyshares +as described below. + +The specified list elements can optionally be ignored if not implemented (listing unknown groups otherwise results in error). -It is also possible to specify the built-in default set of groups, and to explicitly -remove a group from that list. +It is also possible to specify the built-in default set of groups, and to +explicitly remove a group from that list. + +In its simplest legacy form, the string I<list> is just a colon separated list +of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". +The first group listed will in this case be used as the sole predicted +B<key_share> sent by a client in a TLSv1.3 B<ClientHello>. +The list should be in order of preference with the most preferred group first. + +A more expressive syntax supports definition of group tuples of comparable +security by separating them from each other with C</> characters. + +The predicted keyshares to be sent by clients can be explicitly specified by +adding a C<*> prefix to the associated group name. +These C<*> prefixes are ignored by servers. 
+ +If a group name is prefixed with the C<?> character, it will be ignored if an +implementation is missing. +Otherwise, listing an unknown group name will cause a failure to parse the +I<list>. +Note that whether a group is known or not may depend on the OpenSSL version, +how OpenSSL was compiled and/or which providers are loaded. +Make sure you have the correct spelling of the group name and when in doubt +prefix it with a C<?> to handle configurations in which it might nevertheless +be unknown. + +If a group name is prefixed with the C<-> character, it will be removed from +the list of groups specified up to that point. +It can be added again if specified later. +Removal of groups that have not been included earlier in the list is silently +ignored. -In its simplest form, the string I<list> is just a colon separated list -of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first -group listed will also be used for the B<key_share> sent by a client in a -TLSv1.3 B<ClientHello>. For servers note the discussion above. The list should -be in order of preference with the most preferred group first. +The pseudo group name C<DEFAULT> can be used to select the OpenSSL built-in +default list of groups. +Prepending one or more groups to C<DEFAULT> using only C<:> separators prepends those +groups to the built-in default list's first tuple. +Additional tuples can be prepended by use of the C</> separator. +Appending a set of groups to C<DEFAULT> using only C<:> separators appends those +groups to the built-in default list's last tuple. +Additional tuples can be appended by use of the C</> separator. -Group tuples of comparable security are defined by separating them from each -other by a tuple separator C</>. Keyshares to be sent by a client are specified -by prepending a C<*> to the group name, while any C<*> will be ignored by a -server. 
The following string I<list> for example defines three tuples when -used on the server-side, and triggers the generation of three key shares -when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048. +The B<DEFAULT> list selects B<X25519MLKEM768> as one of the predicted keyshares. +In rare cases this can lead to failures or timeouts because the resulting +larger TLS Client Hello message may no longer fit in a single TCP segment and +firewall software may erroneously disrupt the TLS handshake. +If this is an issue or concern, prepending C<?X25519MLKEM768:> without a C<*> +prefix leads to its occurrence in the default list to be ignored as a duplicate, +and along with that also the keyshare prediction. +The group will then only be selected by servers that specifically expect it, +after a Hello Retry Request (HRR). +Servers that specifically prefer B<X25519MLKEM768>, are much less likely to be +found behind problematic firewalls. -If a group name is preceded with the C<?> character, it will be ignored if an -implementation is missing. If a group name is preceded with the C<-> character, it -will be removed from the list of groups if present (including not sending a -key share for this group), ignored otherwise. The pseudo group name -C<DEFAULT> can be used to select the OpenSSL built-in default list of groups. +The following string I<list> for example defines three tuples when used on the +server-side, and triggers the generation of three key shares when used on the +client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048. For a TLS 1.3 client, all the groups in the string I<list> are added to the supported groups extension of a C<ClientHello>, in the order in which they are listed, 
@@ -351,7 +400,7 @@ supported groups as comparable in security. =head1 COPYRIGHT -Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index dd302983fdde..146e3d03a51a 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -93,6 +93,14 @@ be used as the basis for a PSK. Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application. +Note that as described above, the callback may be called a second time during a +handshake. Since ownership of the SSL_SESSION is transferred to OpenSSL on each +call, if the callback wishes to return the same SSL_SESSION pointer on a +subsequent invocation, it must first call L<SSL_SESSION_up_ref(3)> to increment +the reference count. Failure to do so will result in a use-after-free error. +Alternatively, the callback may return a different SSL_SESSION object on each +call (e.g., by calling L<SSL_SESSION_dup(3)>). + It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that B<*sess> is @@ -169,7 +177,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod index add0fc4cd045..8f32cc008e4b 100644 
--- a/doc/man3/SSL_get_ciphers.pod +++ b/doc/man3/SSL_get_ciphers.pod @@ -75,6 +75,8 @@ description of SSL_get1_supported_ciphers() above). This function will return available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake. +The function sets an empty string when B<ssl> fails the handshake due to the +absence of shared ciphers. =head1 NOTES @@ -107,7 +109,7 @@ L<SSL_CIPHER_get_name(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509V3_EXT_print.pod b/doc/man3/X509V3_EXT_print.pod new file mode 100644 index 000000000000..0727d35f88e5 --- /dev/null +++ b/doc/man3/X509V3_EXT_print.pod 
@@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +X509V3_EXT_print, X509V3_EXT_print_fp - pretty print X509 certificate extensions + +=head1 SYNOPSIS + + #include <openssl/x509v3.h> + + int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); + int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +=head1 DESCRIPTION + +X509V3_EXT_print() and X509V3_EXT_print_fp() parse and print the extension +info from I<ext> to I<bio> or I<out> with indentation set via I<indent>. +I<flag> determines the behaviour if an extension could not be parsed and can be +one of: +B<X509V3_EXT_DEFAULT> (equivalent to 0): an unknown or unparsable extension +stops the parsing and the function returns a failure. +B<X509V3_EXT_PARSE_UNKNOWN>: an unknown or unparsable extension is handled by +printing it through the B<ASN1_parse_dump()> function, and the function returns +success. +B<X509V3_EXT_DUMP_UNKNOWN>: an unknown or unparsable extension is handled by +printing it through the B<BIO_dump_indent()> function, and the function returns +success, +B<X509V3_EXT_ERROR_UNKNOWN>: an unknown or unparsable extension is handled by +printing either "<Not Supported>" or "<Parse Error>", and the function returns +success. + +=head1 RETURN VALUES + +X509V3_EXT_print() and X509V3_EXT_print_fp() return 1 for success and 0 for +failure. + +=head1 SEE ALSO + +L<BIO_dump_indent(3)>, +L<ASN1_parse_dump(3)>, + +=head1 COPYRIGHT + +Copyright 2026 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/man3/X509_NAME_print_ex.pod b/doc/man3/X509_NAME_print_ex.pod index e43bb191f523..f86849d26e2e 100644 --- a/doc/man3/X509_NAME_print_ex.pod +++ b/doc/man3/X509_NAME_print_ex.pod 
@@ -32,9 +32,8 @@ I<size> is ignored. Otherwise, at most I<size> bytes will be written, including the ending '\0', and I<buf> is returned. -X509_NAME_print() prints out I<name> to I<bp> indenting each line by I<obase> -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. +X509_NAME_print() prints out I<name> to I<bp> on a single line. +The I<obase> parameter is ignored and retained only for API compatibility. =head1 NOTES @@ -122,7 +121,7 @@ L<ASN1_STRING_print_ex(3)> =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-DSA.pod b/doc/man7/EVP_SIGNATURE-DSA.pod index 2c0f0073a4fa..d50e44f161ff 100644 --- a/doc/man7/EVP_SIGNATURE-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-DSA.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE-DSA -- The B<EVP_PKEY> DSA signature implementation +- The EVP_PKEY B<DSA> signature implementation =head1 DESCRIPTION @@ -116,7 +116,7 @@ OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information. =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-ECDSA.pod b/doc/man7/EVP_SIGNATURE-ECDSA.pod index bc75ed140814..aa1d1a8f0de9 100644 --- a/doc/man7/EVP_SIGNATURE-ECDSA.pod +++ b/doc/man7/EVP_SIGNATURE-ECDSA.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_SIGNATURE-ECDSA - The EVP_PKEY ECDSA signature implementation. +EVP_SIGNATURE-ECDSA - The EVP_PKEY B<ECDSA> signature implementation =head1 DESCRIPTION 
@@ -104,7 +104,7 @@ L<provider-signature(7)>, =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod index 559968664e1a..745955e5925e 100644 --- a/doc/man7/EVP_SIGNATURE-ED25519.pod +++ b/doc/man7/EVP_SIGNATURE-ED25519.pod @@ -6,7 +6,7 @@ EVP_SIGNATURE-ED25519, EVP_SIGNATURE-ED448, Ed25519, Ed448 -- EVP_PKEY Ed25519 and Ed448 support +- The EVP_PKEY B<Ed25519> and B<Ed448> signature implementations =head1 DESCRIPTION @@ -175,7 +175,7 @@ L<EVP_DigestVerifyInit(3)>, =head1 COPYRIGHT -Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-HMAC.pod b/doc/man7/EVP_SIGNATURE-HMAC.pod index 6628d9ebc2bc..50578aa94c29 100644 --- a/doc/man7/EVP_SIGNATURE-HMAC.pod +++ b/doc/man7/EVP_SIGNATURE-HMAC.pod @@ -4,7 +4,7 @@ EVP_SIGNATURE-HMAC, EVP_SIGNATURE-Siphash, EVP_SIGNATURE-Poly1305, EVP_SIGNATURE-CMAC -- The legacy B<EVP_PKEY> MAC signature implementations +- The legacy EVP_PKEY B<MAC> signature implementations =head1 DESCRIPTION @@ -39,7 +39,7 @@ L<provider-signature(7)>, =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-ML-DSA.pod b/doc/man7/EVP_SIGNATURE-ML-DSA.pod index c9ccf1aafb8e..fc2318364f89 100644 
--- a/doc/man7/EVP_SIGNATURE-ML-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-ML-DSA.pod @@ -3,8 +3,8 @@ =head1 NAME EVP_SIGNATURE-ML-DSA, -EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87, -- EVP_SIGNATURE ML-DSA support +EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87 +- The EVP_PKEY B<ML-DSA> signature implementations =head1 DESCRIPTION @@ -131,7 +131,7 @@ This functionality was added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod index 5dc27ac2838e..7ec9eda5c1a5 100644 --- a/doc/man7/EVP_SIGNATURE-RSA.pod +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE-RSA -- The EVP_PKEY RSA signature implementation +- The EVP_PKEY B<RSA> signature implementation =head1 DESCRIPTION @@ -192,7 +192,7 @@ L<provider-signature(7)>, =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-SLH-DSA.pod b/doc/man7/EVP_SIGNATURE-SLH-DSA.pod index c1699793ce3b..ef5dcd56222a 100644 --- a/doc/man7/EVP_SIGNATURE-SLH-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-SLH-DSA.pod 
@@ -9,7 +9,7 @@ EVP_SIGNATURE-SLH-DSA-SHA2-256s, EVP_SIGNATURE-SLH-DSA-SHA2-256f, EVP_SIGNATURE-SLH-DSA-SHAKE-128s, EVP_SIGNATURE-SLH-DSA-SHAKE-128f, EVP_SIGNATURE-SLH-DSA-SHAKE-192s, EVP_SIGNATURE-SLH-DSA-SHAKE-192f, EVP_SIGNATURE-SLH-DSA-SHAKE-256s, EVP_SIGNATURE-SLH-DSA-SHAKE-256f -- EVP_PKEY SLH-DSA support +- The EVP_PKEY B<SLH-DSA> signature implementations =head1 DESCRIPTION @@ -126,7 +126,7 @@ This functionality was added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 218eb93632ca..73a2e933fa76 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -64,6 +64,13 @@ This output usually makes sense only if you know OpenSSL internals well. The value of this environment variable is a comma-separated list of names, with the following available: +=item B<OPENSSL_RUNNING_UNIT_TESTS> + +This environment variable is used to flag the fact that unit tests are being run +(i.e. `make test`). It is used to detect when the OpenSSL should behave in a special +manner during unit tests (i.e. when unit tests are being run on fuzzing builds). It should +generally not be set by users. + =over 4 =item B<TRACE> @@ -205,7 +212,7 @@ Use of this feature should be restricted to test and debug environments only. =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man7/ossl-guide-tls-introduction.pod b/doc/man7/ossl-guide-tls-introduction.pod index 5789524324d1..adda37592378 100644 --- a/doc/man7/ossl-guide-tls-introduction.pod +++ b/doc/man7/ossl-guide-tls-introduction.pod @@ -165,7 +165,7 @@ directly in B<OPENSSLDIR>. For example if B<OPENSSLDIR> is "/usr/local/ssl", then save it as "/usr/local/ssl/cert.pem". You can also use environment variables to override the default location that -OpenSSL will look for its trusted certificate store. Set the B<SSL_CERT_PATH> +OpenSSL will look for its trusted certificate store. Set the B<SSL_CERT_DIR> environment variable to give the directory where OpenSSL should looks for its certificates or the B<SSL_CERT_FILE> environment variable to give the name of a single file containing all of the certificates. See L<openssl-env(7)> for @@ -311,7 +311,7 @@ L<ossl-guide-tls-server-block(7)>, L<ossl-guide-quic-introduction(7)> =head1 COPYRIGHT -Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/property.pod b/doc/man7/property.pod index eb0f6b176ccb..7adf282ebfbe 100644 --- a/doc/man7/property.pod +++ b/doc/man7/property.pod 
@@ -142,6 +142,38 @@ Note that the local property query could not use "fips=no" because that would disallow any implementations with "fips=yes" rather than not caring about the setting. +=head1 PREDEFINED NAMES + +=for comment This list should correspond to the array 'predefined_names' in crypto/property/property_parse.c + +Currently known predefined names are: + +=over 4 + +=item C<provider> + +The conventional property value is the provider's name. This may be different from the name returned by L<OSSL_PROVIDER_get0_name(3)>. + +It is a convention among OpenSSL provider implementations to define a property with this name. It is not mandatory to do this. + +=item C<version> + +The conventional property value is the provider's version. + +OpenSSL provider implementations do not define a property with this name. + +=item C<fips> + +The conventional property value is boolean (C<"yes"> or C<"no">), indication whether the implementation conforms to FIPS standards or not. + +It is a convention among OpenSSL provider implementations to define a property with this name where applicable. It is not mandatory to do this, but is strongly recommended. + +=item C<output>, C<input>, C<structure> + +Properties with these names are used by encoders (see L<provider-encoder(7)>) and decoders (see L<provider-decoder(7)>). + +=back + =head1 SYNTAX The lexical syntax in EBNF is given by: @@ -167,7 +199,7 @@ Properties were added in OpenSSL 3.0 =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 511195770581..7f5e8447bf18 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod 
@@ -141,7 +141,8 @@ For example, the "function" core_gettable_params() has these: static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); -L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as +L<OSSL_DISPATCH(3)> array entries contain a I<function_id> field that +identifies the function. The I<function_id> numbers are provided as macros in L<openssl-core_dispatch.h(7)>, as follows: For I<in> (the L<OSSL_DISPATCH(3)> array passed from F<libcrypto> to the @@ -1016,7 +1017,7 @@ were added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |
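Review bot: "If I<prf_nid> is not specified (for example, I<prf_nid> is set to 0)" in the PKCS5_PBE_keyivgen.pod hunk at -110 leaves callers guessing which sentinel actually selects the default PRF; a reference page should state exactly which value(s) mean "not specified" and whether a negative value is treated the same as 0, since passing the wrong sentinel could silently select something other than NID_hmacWithSHA256. The I<aiv> paragraph should likewise say what length a non-NULL I<aiv> must have.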
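Review bot: The replacement line "RSA_set_method() returns 1 for success. It always succeeds." in RSA_set_method.pod documents an int return where the removed paragraph documented a pointer, yet the HISTORY hunk (context: "was replaced to always return NULL in OpenSSL 1.1.1") records nothing about when the return type changed; either add a HISTORY entry naming the release, or, if the old paragraph was simply stale, say so in the commit message so readers do not infer an API change.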
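Review bot: "presently documented in the default TLS group list in the OpenSSL code base" in the SSL_CONF_cmd.pod hunk at -176 sends manual-page readers to the source tree; point them instead at the C<DEFAULT> pseudo group described in L<SSL_CTX_set1_groups_list(3)> or at the "openssl list -tls1_3 -tls-groups" command shown two lines above. Also "mitigates against threats" should be "mitigates threats".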
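Review bot: Grammar on a modified line in the SSL_CTX_set1_curves.pod hunk at -40: "The array consist of all B<NIDs> of supported groups." should read "consists"; since the line is already being touched for the B<NID> markup, fix it here.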
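Review bot: Spelling is mixed within one added paragraph in the SSL_CTX_set1_curves.pod hunk at -73: "prioritises" (British) sits two lines from "behavior" (American), and the removed text had "prioritizes"; keep the American form used throughout these pages. The downgrade warning would also read better with the mechanism stated in one clause, which the hunk already supplies piecemeal: because avoiding a Hello Retry Request is ranked above either side's preference order, a weaker predicted group beats a stronger unpredicted one.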
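Review bot: Typo on an added line in the SSL_CTX_set1_curves.pod hunk at -102: "pay attenion only" should be "pay attention only". In the same hunk, "Servers that specifically prefer B<X25519MLKEM768>, are much less likely" has a stray comma, and "leads to its occurrence in the default list to be ignored as a duplicate" should be "causes its occurrence in the default list to be ignored as a duplicate". It would also help to state which keyshare(s) a client predicts after prepending C<?X25519MLKEM768:>, since the paragraph only says that the prediction is dropped.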
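Review bot: The added note in the SSL_CTX_set_psk_client_callback.pod hunk at -93 is the right fix for a real use-after-free hazard; if L<SSL_SESSION_up_ref(3)> and L<SSL_SESSION_dup(3)> are not yet in that page's SEE ALSO list, add them so the cross-references resolve from the index as well.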
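Review bot: "The function sets an empty string when B<ssl> fails the handshake due to the absence of shared ciphers." in the SSL_get_ciphers.pod hunk at -75 is ambiguous about where the empty string goes; name the output buffer parameter that receives it and state what the function returns in that case, so callers know whether to test the return value or the buffer contents.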
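Review bot: In the new X509V3_EXT_print.pod, DESCRIPTION refers to "I<bio> or I<out>" while the SYNOPSIS names the first parameter I<out> in both prototypes; use I<out> consistently. The four I<flag> values are run together as prose after "can be one of:"; render them as an =over 4 / =item list, and replace the comma after "success" in the B<X509V3_EXT_DUMP_UNKNOWN> entry with a full stop. SEE ALSO ends with a trailing comma after L<ASN1_parse_dump(3)>, and the SYNOPSIS declares I<flag> as "unsigned long" in one prototype and "int" in the other, which deserves a sentence if it mirrors the header.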
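Review bot: The X509_NAME_print_ex.pod hunk at -32 changes the documented behaviour of X509_NAME_print() (single line, I<obase> ignored) without a HISTORY entry; if the function once wrapped output at 80 characters, record the release in which that stopped, and if the old text was never accurate, say so in the commit message so readers do not assume a behaviour change.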
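Review bot: The new "=item B<OPENSSL_RUNNING_UNIT_TESTS>" in openssl-env.pod is inserted between "The value of this environment variable is a comma-separated list of names, with the following available:" and the "=over 4 / =item B<TRACE>" list that sentence introduces, so it splits the OPENSSL_TRACE entry and the nested list of trace names ends up under the wrong item; move it before the B<OPENSSL_TRACE> item or after that entry's closing =back. Also use C<make test> rather than backticks, which pod does not interpret, and drop "the" in "when the OpenSSL should behave".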
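Review bot: The B<SSL_CERT_PATH> to B<SSL_CERT_DIR> correction in ossl-guide-tls-introduction.pod is right and worth flagging as a user-visible fix, since the old name would silently fail to point OpenSSL at a trust store; while in this paragraph, the unchanged context line "where OpenSSL should looks for its certificates" could become "should look".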
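Review bot: "indication whether the implementation conforms" in the C<fips> item of the property.pod hunk should be "indicating whether". The added paragraphs also run well past the column width used elsewhere in this file; wrap them. And the C<version> item says "OpenSSL provider implementations do not define a property with this name" immediately after listing it as a predefined name, so a short sentence on why the name is reserved would help readers.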
