diff options
Diffstat (limited to 'secure/usr.bin/openssl')
46 files changed, 110 insertions, 88 deletions
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 81b0bf7..d3088ec 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH CA.PL 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index afc7a53..95e8fa1 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH ASN1PARSE 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1 index a60ccb5..c6f356e 100644 --- a/secure/usr.bin/openssl/man/c_rehash.1 +++ b/secure/usr.bin/openssl/man/c_rehash.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "C_REHASH 1" -.TH C_REHASH 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH C_REHASH 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index d4cb79e..b22ed99 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH CA 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index e10144a..e4dd7ed 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH CIPHERS 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,21 +168,18 @@ in a cipher list; this is when similar ciphers are available for .IP "\fB\-V\fR" 4 .IX Item "-V" Like \fB\-v\fR, but include cipher suite codes in output (hex format). -.IP "\fB\-ssl3\fR" 4 -.IX Item "-ssl3" -only include \s-1SSL\s0 v3 ciphers. +.IP "\fB\-ssl3\fR, \fB\-tls1\fR" 4 +.IX Item "-ssl3, -tls1" +This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. .IP "\fB\-ssl2\fR" 4 .IX Item "-ssl2" -only include \s-1SSL\s0 v2 ciphers. -.IP "\fB\-tls1\fR" 4 -.IX Item "-tls1" -only include \s-1TLS\s0 v1 ciphers. +Only include SSLv2 ciphers. .IP "\fB\-h\fR, \fB\-?\fR" 4 .IX Item "-h, -?" -print a brief usage message. +Print a brief usage message. .IP "\fBcipherlist\fR" 4 .IX Item "cipherlist" -a cipher list to convert to a cipher preference list. If it is not included +A cipher list to convert to a cipher preference list. If it is not included then the default cipher list will be used. The format is described below. .SH "CIPHER LIST FORMAT" .IX Header "CIPHER LIST FORMAT" @@ -228,9 +225,10 @@ the current cipher list in order of encryption algorithm key length. The following is a list of all permitted cipher strings and their meanings. .IP "\fB\s-1DEFAULT\s0\fR" 4 .IX Item "DEFAULT" -the default cipher list. This is determined at compile time and -is normally \fB\s-1ALL:\s0!EXPORT:!aNULL:!eNULL:!SSLv2\fR. This must be the firstcipher string -specified. +The default cipher list. +This is determined at compile time and is normally +\&\fB\s-1ALL:\s0!EXPORT:!aNULL:!eNULL:!SSLv2\fR. +When used, this must be the first cipherstring specified. .IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 .IX Item "COMPLEMENTOFDEFAULT" the ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently @@ -252,29 +250,41 @@ than 128 bits, and some cipher suites with 128\-bit keys. \&\*(L"medium\*(R" encryption cipher suites, currently some of those using 128 bit encryption. .IP "\fB\s-1LOW\s0\fR" 4 .IX Item "LOW" -\&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms -but excluding export cipher suites. +Low strength encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. +As of OpenSSL 1.0.2g, these are disabled in default builds. .IP "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4 .IX Item "EXP, EXPORT" -export encryption algorithms. Including 40 and 56 bits algorithms. +Export strength encryption algorithms. Including 40 and 56 bits algorithms. +As of OpenSSL 1.0.2g, these are disabled in default builds. .IP "\fB\s-1EXPORT40\s0\fR" 4 .IX Item "EXPORT40" -40 bit export encryption algorithms +40\-bit export encryption algorithms +As of OpenSSL 1.0.2g, these are disabled in default builds. .IP "\fB\s-1EXPORT56\s0\fR" 4 .IX Item "EXPORT56" -56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of +56\-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of 56 bit export ciphers is empty unless OpenSSL has been explicitly configured with support for experimental ciphers. +As of OpenSSL 1.0.2g, these are disabled in default builds. .IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 .IX Item "eNULL, NULL" -the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no -encryption at all and are a security risk they are disabled unless explicitly -included. +The \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +\&\fB\s-1DEFAULT\s0\fR or \fB\s-1ALL\s0\fR cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkRSA\fR or \fBaECDSA\fR as these do overlap with the \fBeNULL\fR ciphers. +When in doubt, include \fB!eNULL\fR in your cipherlist. .IP "\fBaNULL\fR" 4 .IX Item "aNULL" -the cipher suites offering no authentication. This is currently the anonymous +The cipher suites offering no authentication. This is currently the anonymous \&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R" attack and so their use is normally discouraged. +These are excluded from the \fB\s-1DEFAULT\s0\fR ciphers, but included in the \fB\s-1ALL\s0\fR +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkDHE\fR or \fB\s-1AES\s0\fR as these do overlap with the \fBaNULL\fR ciphers. +When in doubt, include \fB!aNULL\fR in your cipherlist. .IP "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4 .IX Item "kRSA, RSA" cipher suites using \s-1RSA\s0 key exchange. @@ -659,11 +669,11 @@ Note: these ciphers can also be used in \s-1SSL\s0 v3. .IX Subsection "Deprecated SSL v2.0 cipher suites." .Vb 7 \& SSL_CK_RC4_128_WITH_MD5 RC4\-MD5 -\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP\-RC4\-MD5 -\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2\-MD5 -\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP\-RC2\-MD5 +\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. +\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2\-CBC\-MD5 +\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. \& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA\-CBC\-MD5 -\& SSL_CK_DES_64_CBC_WITH_MD5 DES\-CBC\-MD5 +\& SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. \& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES\-CBC3\-MD5 .Ve .SH "NOTES" diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index 7355c9a..aadb943 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH CMS 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 24c4efe..6f9f1cf 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH CRL 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index f8d4573..a2d5c2e 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH CRL2PKCS7 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 746b2ad..456c2a4 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH DGST 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 28959e3..d7d937e 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH DHPARAM 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 933fb28..0c50725 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH DSA 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 58622b9..d85fa49 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH DSAPARAM 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 5382d82..005bd79 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH EC 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index 3737f86..b09d3c9 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH ECPARAM 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 8378679..204a083 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH ENC 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 558f9f4..f2baf45 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH ERRSTR 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index e98a281..de31ae9 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH GENDSA 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index ad8fbd3..ebd59f7 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH GENPKEY 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index f8415b0..ad705e7 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH GENRSA 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index f78ebd3..11b1d22 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH NSEQ 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index da78b9b..4f04010 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH OCSP 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index bcdb875..e59468f 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH OPENSSL 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 6fd59b8..9c3a370 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PASSWD 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index c43b106..957a6c6 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PKCS12 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index 7ea5a4d..59bcf19 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PKCS7 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index bccfbef..aa1187b 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PKCS8 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index a2da193..488dbd3 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PKEY 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index 809cdf0..5c0019d 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PKEYPARAM 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index 7311f52..f33a0c3 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH PKEYUTL 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -246,6 +246,19 @@ Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option which specifies the digest in use for sign, verify and verifyrecover operations. The value \fBalg\fR should represent a digest name as used in the \&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. +This value is used only for sanity-checking the lengths of data passed in to +the \fBpkeyutl\fR and for creating the structures that make up the signature +(e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). +In case of \s-1RSA, ECDSA\s0 and \s-1DSA\s0 signatures, this utility +will not perform hashing on input data but rather use the data directly as +input of signature algorithm. Depending on key type, signature type and mode +of padding, the maximum acceptable lengths of input data differ. In general, +with \s-1RSA\s0 the signed data can't be longer than the key modulus, in case of \s-1ECDSA\s0 +and \s-1DSA\s0 the data shouldn't be longer than field size, otherwise it will be +silently truncated to field size. +.PP +In other words, if the value of digest is \fBsha1\fR the input should be 20 bytes +long binary encoding of \s-1SHA\-1\s0 hash function output. .SH "RSA ALGORITHM" .IX Header "RSA ALGORITHM" The \s-1RSA\s0 algorithm supports encrypt, decrypt, sign, verify and verifyrecover diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 2f08049..1aee0ab 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH RAND 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 2b8eb1b..a16807b 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH REQ 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -433,9 +433,12 @@ command line options \fBpassin\fR and \fBpassout\fR override the configuration file values. .IP "\fBdefault_bits\fR" 4 .IX Item "default_bits" -This specifies the default key size in bits. If not specified then -512 is used. It is used if the \fB\-new\fR option is used. It can be -overridden by using the \fB\-newkey\fR option. +Specifies the default key size in bits. +.Sp +This option is used in conjunction with the \fB\-new\fR option to generate +a new key. It can be overridden by specifying an explicit key size in +the \fB\-newkey\fR option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. .IP "\fBdefault_keyfile\fR" 4 .IX Item "default_keyfile" This is the default filename to write a private key to. If not diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 12f6bb7..fa72520 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH RSA 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 5d1d7ec..62d2ecd 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH RSAUTL 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 74aae10..89fc87a 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH S_CLIENT 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -305,15 +305,11 @@ Use the \s-1PSK\s0 identity \fBidentity\fR when using a \s-1PSK\s0 cipher suite. Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is given as a hexadecimal number without leading 0x, for example \-psk 1a2b3c4d. -.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR" 4 -.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2" -these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. -.Sp -Unfortunately there are still ancient and broken servers in use which -cannot handle this technique and will fail to connect. Some servers only -work if \s-1TLS\s0 is turned off. +.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR" 4 +.IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +By default the initial handshake uses a \fIversion-flexible\fR method which will +negotiate the highest mutually supported protocol version. .IP "\fB\-fallback_scsv\fR" 4 .IX Item "-fallback_scsv" Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 0436ae1..94dfd5f 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH S_SERVER 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -321,11 +321,11 @@ Use the \s-1PSK\s0 identity hint \fBhint\fR when using a \s-1PSK\s0 cipher suite Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is given as a hexadecimal number without leading 0x, for example \-psk 1a2b3c4d. -.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 -.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" -these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. +.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR" 4 +.IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +By default the initial handshake uses a \fIversion-flexible\fR method which will +negotiate the highest mutually supported protocol version. .IP "\fB\-bugs\fR" 4 .IX Item "-bugs" there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 284acc1..9414c1d 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH S_TIME 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index b0c54f7..19af06b 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH SESS_ID 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 092218e..b691b9b76 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH SMIME 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 08639bd..9350efa 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH SPEED 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 8a55179..e42adce 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH SPKAC 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index ba62c06a..803b713 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH TS 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 5faa438..7a0c451 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH TSGET 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 9141659..18d891b 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH VERIFY 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 40ec2ac..36751c4 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH VERSION 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 46a9476..8d4f47d 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH X509 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index b4f3246..da85a10 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2016-01-28" "1.0.2f" "OpenSSL" +.TH X509V3_CONFIG 1 "2016-03-01" "1.0.2g" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l |