[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Thu Apr 19 13:36:33 UTC 2018 

The branch master has been updated
       via  c190506cd827221a861c3207ae2496ea1ec7a1fd (commit)
      from  918388b5a02351ef2c5f560cd9369e928e8a1cd0 (commit)


- Log -----------------------------------------------------------------
commit c190506cd827221a861c3207ae2496ea1ec7a1fd
Author: Alois Mahdal <amahdal at redhat.com>
Date:   Wed Feb 21 16:49:33 2018 +0100

    Reflect special `DEFAULT` behavior in ciphers(1)
    
    Actual behavior of DEFAULT is different than currently described.
    Rather than actinf as cipher string, DEFAULT cannot be combined using
    logical operators, etc.
    
    Fixes #5420.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5428)

-----------------------------------------------------------------------

Summary of changes:
 doc/man1/ciphers.pod | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 9616e8e..3786e9a 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -168,19 +168,20 @@ The cipher string B<@SECLEVEL=n> can be used at any point to set the security
 level to B<n>, which should be a number between zero and five, inclusive.
 See L<SSL_CTX_set_security_level> for a description of what each level means.
 
+The cipher list can be prefixed with the B<DEFAULT> keyword, which enables
+the default cipher list as defined below.  Unlike cipher strings,
+this prefix may not be combined with other strings using B<+> character.
+For example, B<DEFAULT+DES> is not valid.
+
+The content of the default list is determined at compile time and normally
+corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
+
 =head1 CIPHER STRINGS
 
 The following is a list of all permitted cipher strings and their meanings.
 
 =over 4
 
-=item B<DEFAULT>
-
-The default cipher list.
-This is determined at compile time and is normally
-B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
-When used, this must be the first cipherstring specified.
-
 =item B<COMPLEMENTOFDEFAULT>
 
 The ciphers included in B<ALL>, but not enabled by default. Currently

More information about the openssl-commits mailing list