From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 7 Feb 2016 19:34:03 +0000 (+0100)
Subject: Update ciphers -s documentation
X-Git-Tag: OpenSSL_1_1_0-pre4~115
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=29c4cf0cd12100cb45a6ef59fdbd435954d16d5d;p=oweals%2Fopenssl.git

Update ciphers -s documentation

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
---

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 344e2188aa..9788fa31f0 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -36,9 +36,21 @@ Print a usage message.
 
 =item B<-s>
 
-Only list supported ciphers: those consistent with the security level. This
-is the actual cipher list an application will support. If this option is
-not used then ciphers excluded by the security level will still be listed.
+Only list supported ciphers: those consistent with the security level, and
+minimum and maximum protocol version.
+This is closer to the actual cipher list an application will support.
+
+This program does not set up support for SRP and so SRP based ciphers will
+always be excluded when using this option.
+PSK ciphers are not enabled by default and it requires the B<-psk> to enable
+them.
+It also does not change the default list of supported signature algorithms.
+
+On a server the list of supported ciphers might also exclude other ciphers
+depending on the configured certificates and presence of DH parameters.
+
+If this option is not used then all ciphers that match the cipherlist will be
+listed.
 
 =item B<-psk>