Commit c190506c authored by Alois Mahdal's avatar Alois Mahdal Committed by Richard Levitte
Browse files

Reflect special `DEFAULT` behavior in ciphers(1) 



Actual behavior of DEFAULT is different than currently described.
Rather than actinf as cipher string, DEFAULT cannot be combined using
logical operators, etc.

Fixes #5420.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5428)
parent 918388b5

doc/man1/ciphers.pod

+8 −7
Original line number Diff line number Diff line
@@ -168,19 +168,20 @@ The cipher string B<@SECLEVEL=n> can be used at any point to set the security 
level to B<n>, which should be a number between zero and five, inclusive.

See L<SSL_CTX_set_security_level> for a description of what each level means.



The cipher list can be prefixed with the B<DEFAULT> keyword, which enables

the default cipher list as defined below.  Unlike cipher strings,

this prefix may not be combined with other strings using B<+> character.

For example, B<DEFAULT+DES> is not valid.



The content of the default list is determined at compile time and normally

corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.



=head1 CIPHER STRINGS



The following is a list of all permitted cipher strings and their meanings.



=over 4



=item B<DEFAULT>



The default cipher list.

This is determined at compile time and is normally

B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.

When used, this must be the first cipherstring specified.



=item B<COMPLEMENTOFDEFAULT>



The ciphers included in B<ALL>, but not enabled by default. Currently