The branch master has been updated via c190506cd827221a861c3207ae2496ea1ec7a1fd (commit) from 918388b5a02351ef2c5f560cd9369e928e8a1cd0 (commit)
- Log ----------------------------------------------------------------- commit c190506cd827221a861c3207ae2496ea1ec7a1fd Author: Alois Mahdal <amah...@redhat.com> Date: Wed Feb 21 16:49:33 2018 +0100 Reflect special `DEFAULT` behavior in ciphers(1) Actual behavior of DEFAULT is different than currently described. Rather than actinf as cipher string, DEFAULT cannot be combined using logical operators, etc. Fixes #5420. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5428) ----------------------------------------------------------------------- Summary of changes: doc/man1/ciphers.pod | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index 9616e8e..3786e9a 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -168,19 +168,20 @@ The cipher string B<@SECLEVEL=n> can be used at any point to set the security level to B<n>, which should be a number between zero and five, inclusive. See L<SSL_CTX_set_security_level> for a description of what each level means. +The cipher list can be prefixed with the B<DEFAULT> keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using B<+> character. +For example, B<DEFAULT+DES> is not valid. + +The content of the default list is determined at compile time and normally +corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. + =head1 CIPHER STRINGS The following is a list of all permitted cipher strings and their meanings. =over 4 -=item B<DEFAULT> - -The default cipher list. -This is determined at compile time and is normally -B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. -When used, this must be the first cipherstring specified. - =item B<COMPLEMENTOFDEFAULT> The ciphers included in B<ALL>, but not enabled by default. Currently _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits