Add documentation for TLSv1.3 ciphersuite configuration

[B<-srp>]

[B<-stdname>]

[B<-convert name>]

[B<-ciphersuites val>]

[B<cipherlist>]

=head1 DESCRIPTION

Convert a standard cipher B<name> to its OpenSSL name.

=item B<-ciphersuites val>

Sets the list of TLSv1.3 ciphersuites. This list will be combined with any

TLSv1.2 and below ciphersuites that have been configured. The format for this

list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By

default this value is:

"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

=item B<cipherlist>

A cipher list to convert to a cipher preference list. If it is not included

then the default cipher list will be used. The format is described below.

A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher

preference list. This list will be combined with any TLSv1.3 ciphersuites that

have been configured. If it is not included then the default cipher list will be

used. The format is described below.

=back

=head2 TLS v1.3 cipher suites

 TLS_AES_128_GCM_SHA256                     TLS13-AES-128-GCM-SHA256

 TLS_AES_256_GCM_SHA384                     TLS13-AES-256-GCM-SHA384

 TLS_CHACHA20_POLY1305_SHA256               TLS13-CHACHA20-POLY1305-SHA256

 TLS_AES_128_CCM_SHA256                     TLS13-AES-128-CCM-SHA256

 TLS_AES_128_CCM_8_SHA256                   TLS13-AES-128-CCM-8-SHA256

 TLS_AES_128_GCM_SHA256                     TLS_AES_128_GCM_SHA256

 TLS_AES_256_GCM_SHA384                     TLS_AES_256_GCM_SHA384

 TLS_CHACHA20_POLY1305_SHA256               TLS_CHACHA20_POLY1305_SHA256

 TLS_AES_128_CCM_SHA256                     TLS_AES_128_CCM_SHA256

 TLS_AES_128_CCM_8_SHA256                   TLS_AES_128_CCM_8_SHA256

=head2 Older names used by OpenSSL

[B<-sigalgs sigalglist>]

[B<-curves curvelist>]

[B<-cipher cipherlist>]

[B<-ciphersuites val>]

[B<-serverpref>]

[B<-starttls protocol>]

[B<-xmpphost hostname>]

=item B<-cipher cipherlist>

This allows the cipher list sent by the client to be modified. Although

the server determines which cipher suite is used it should take the first

supported cipher in the list sent by the client. See the B<ciphers>

command for more information.

This allows the TLSv1.2 and below cipher list sent by the client to be modified.

This list will be combined with any TLSv1.3 ciphersuites that have been

configured. Although the server determines which ciphersuite is used it should

take the first supported cipher in the list sent by the client. See the

B<ciphers> command for more information.

=item B<-ciphersuites val>

This allows the TLSv1.3 ciphersuites sent by the client to be modified. This

list will be combined with any TLSv1.2 and below ciphersuites that have been

configured. Although the server determines which cipher suite is used it should

take the first supported cipher in the list sent by the client. See the

B<ciphers> command for more information. The format for this list is a simple

colon (":") separated list of TLSv1.3 ciphersuite names.

=item B<-starttls protocol>

[B<-curves val>]

[B<-named_curve val>]

[B<-cipher val>]

[B<-ciphersuites val>]

[B<-dhparam infile>]

[B<-record_padding val>]

[B<-debug_broken_protocol>]

=item B<-cipher val>

This allows the cipher list used by the server to be modified.  When

the client sends a list of supported ciphers the first client cipher

also included in the server list is used. Because the client specifies

the preference order, the order of the server cipherlist irrelevant. See

This allows the list of TLSv1.2 and below ciphersuites used by the server to be

modified. This list is combined with any TLSv1.3 ciphersuites that have been

configured. When the client sends a list of supported ciphers the first client

cipher also included in the server list is used. Because the client specifies

the preference order, the order of the server cipherlist is irrelevant. See

the B<ciphers> command for more information.

=item B<-ciphersuites val>

This allows the list of TLSv1.3 ciphersuites used by the server to be modified.

This list is combined with any TLSv1.2 and below ciphersuites that have been

configured. When the client sends a list of supported ciphers the first client

cipher also included in the server list is used. Because the client specifies

the preference order, the order of the server cipherlist is irrelevant. See

the B<ciphers> command for more information. The format for this list is a

simple colon (":") separated list of TLSv1.3 ciphersuite names.

=item B<-dhparam infile>

The DH parameter file to use. The ephemeral DH cipher suites generate keys

[B<-ssl3>]

[B<-bugs>]

[B<-cipher cipherlist>]

[B<-ciphersuites val>]

=head1 DESCRIPTION

=item B<-cipher cipherlist>

This allows the cipher list sent by the client to be modified. Although

the server determines which cipher suite is used it should take the first

supported cipher in the list sent by the client.

See the L<ciphers(1)> command for more information.

This allows the TLSv1.2 and below cipher list sent by the client to be modified.

This list will be combined with any TLSv1.3 ciphersuites that have been

configured. Although the server determines which cipher suite is used it should

take the first supported cipher in the list sent by the client. See the

L<ciphers(1)> command for more information.

=item B<-ciphersuites val>

This allows the TLSv1.3 ciphersuites sent by the client to be modified. This

list will be combined with any TLSv1.2 and below ciphersuites that have been

configured. Although the server determines which cipher suite is used it should

take the first supported cipher in the list sent by the client. See the

B<ciphers> command for more information. The format for this list is a simple

colon (":") separated list of TLSv1.3 ciphersuite names.

=item B<-time length>

=item B<-cipher>

Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is

currently not performed unless a B<SSL> or B<SSL_CTX> structure is

Sets the TLSv1.2 and below ciphersuite list to B<value>. This list will be

combined with any configured TLSv1.3 ciphersuites. Note: syntax checking

of B<value> is currently not performed unless a B<SSL> or B<SSL_CTX> structure is

associated with B<cctx>.

=item B<-ciphersuites>

Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon

(":") separated list of TLSv1.3 ciphersuite names in order of preference. This

list will be combined any configured TLSv1.2 and below ciphersuites.

=item B<-cert>

Attempts to use the file B<value> as the certificate for the appropriate

=item B<CipherString>

Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is

currently not performed unless an B<SSL> or B<SSL_CTX> structure is

associated with B<cctx>.

Sets the ciphersuite list for TLSv1.2 and below to B<value>. This list will be

combined with any configured TLSv1.3 ciphersuites. Note: syntax

checking of B<value> is currently not performed unless an B<SSL> or B<SSL_CTX>

structure is associated with B<cctx>.

=item B<Ciphersuites>

Sets the available ciphersuites for TLSv1.3 to B<value>. This is a simple colon

(":") separated list of TLSv1.3 ciphersuite names in order of preference. This

list will be combined any configured TLSv1.2 and below ciphersuites.

=item B<Certificate>