101 -Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are |
101 -Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are |
102 +Protocol version: B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are |
102 +Protocol version: B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are |
103 flagged with SSLv3. No new ciphers were added by TLSv1.1. |
103 flagged with SSLv3. No new ciphers were added by TLSv1.1. |
104 |
104 |
105 =item Kx=<key exchange> |
105 =item Kx=<key exchange> |
106 --- openssl-1.0.1/doc/ssl/SSL_CTX_new.pod Tue Jan 20 04:33:36 2015 |
106 --- openssl-1.0.1/doc/ssl/SSL_CTX_new.pod Tue Mar 1 14:02:53 2016 |
107 +++ openssl-1.0.1/doc/ssl/SSL_CTX_new.pod.new Tue May 26 11:37:24 2015 |
107 +++ openssl-1.0.1/doc/ssl/SSL_CTX_new.pod.new Tue Mar 1 14:35:59 2016 |
108 @@ -25,10 +25,7 @@ |
108 @@ -62,12 +62,12 @@ |
109 |
109 These are the general-purpose I<version-flexible> SSL/TLS methods. |
110 =item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) |
110 The actual protocol version used will be negotiated to the highest version |
111 |
111 mutually supported by the client and the server. |
112 -A TLS/SSL connection established with these methods will only understand |
112 -The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. |
113 -the SSLv2 protocol. A client will send out SSLv2 client hello messages |
113 +The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. |
114 -and will also indicate that it only understand SSLv2. A server will only |
114 Most applications should use these method, and avoid the version specific |
115 -understand SSLv2 client hello messages. |
115 methods described below. |
116 +These functions are deprecated. |
116 |
117 |
117 The list of protocols available can be further limited using the |
118 =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) |
118 -B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, |
119 |
119 +B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, |
120 @@ -51,33 +48,25 @@ SSLv3 client hello messages. |
120 B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the |
121 |
121 L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions. |
122 =item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) |
122 Clients should avoid creating "holes" in the set of protocols they support, |
123 |
123 @@ -81,8 +81,6 @@ |
124 -A TLS/SSL connection established with these methods may understand the SSLv2, |
124 Applications should typically use L<SSL_CTX_set_options(3)> in combination with |
125 +A TLS/SSL connection established with these methods may understand the |
125 the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above |
126 SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. |
126 I<version-flexible> SSL/TLS methods. |
127 |
127 -The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared |
128 -If the cipher list does not contain any SSLv2 ciphersuites (the default |
128 -via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2. |
129 -cipher list does not) or extensions are required (for example server name) |
129 |
130 +If extensions are required (for example server name) |
130 =item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method() |
131 a client will send out TLSv1 client hello messages including extensions and |
131 |
132 will indicate that it also understands TLSv1.1, TLSv1.2 and permits a |
132 @@ -115,13 +113,7 @@ |
133 fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 |
133 |
134 protocols. This is the best choice when compatibility is a concern. |
134 =item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method() |
135 |
135 |
136 -If any SSLv2 ciphersuites are included in the cipher list and no extensions |
136 -A TLS/SSL connection established with these methods will only understand the |
137 -are required then SSLv2 compatible client hellos will be used by clients and |
137 -SSLv2 protocol. A client will send out SSLv2 client hello messages and will |
138 -SSLv2 will be accepted by servers. This is B<not> recommended due to the |
138 -also indicate that it only understand SSLv2. A server will only understand |
139 -insecurity of SSLv2 and the limited nature of the SSLv2 client hello |
139 -SSLv2 client hello messages. The SSLv2 protocol offers little to no security |
140 -prohibiting the use of extensions. |
140 -and should not be used. |
141 - |
141 -As of OpenSSL 1.0.1s, EXPORT ciphers and 56-bit DES are no longer available |
142 =back |
142 -with SSLv2. |
143 |
143 +The SSLv2 protocol offers little to no security and has been deprecated. |
144 -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, |
144 |
145 +The list of protocols available can later be limited using the |
145 =item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method() |
146 SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 |
146 |
147 options of the SSL_CTX_set_options() or SSL_set_options() functions. |
|
148 Using these options it is possible to choose e.g. SSLv23_server_method() and |
|
149 be able to negotiate with all possible clients, but to only allow newer |
|
150 protocols like TLSv1, TLSv1.1 or TLS v1.2. |
|
151 |
|
152 -Applications which never want to support SSLv2 (even is the cipher string |
|
153 -is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. |
|
154 +Applications which never want to support SSLv3 can set SSL_OP_NO_SSLv3. |
|
155 |
|
156 SSL_CTX_new() initializes the list of ciphers, the session cache setting, |
|
157 the callbacks, the keys and certificates and the options to its default |
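Review bot: the rewritten SSLv23_method() sentence that now begins "If extensions are required (for example server name)" keeps the condition but no longer has a counterpart for the other case, because the paragraph starting "If any SSLv2 ciphersuites are included in the cipher list and no extensions are required" is removed. As written, the page does not say which client hello is sent when no extensions are required. If the behaviour is now the same in both cases, drop the condition and state it unconditionally; otherwise add a sentence for the no-extension case.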
|
158 --- openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod Thu Mar 19 06:37:10 2015 |
147 --- openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod Thu Mar 19 06:37:10 2015 |
159 +++ openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod.new Tue May 26 11:38:09 2015 |
148 +++ openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod.new Tue May 26 11:38:09 2015 |
160 @@ -54,10 +54,6 @@ |
149 @@ -54,10 +54,6 @@ |
161 keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated |
150 keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated |
162 and the handshake will fail. |
151 and the handshake will fail. |
316 =item B<SSL_METHOD> (SSL Method) |
305 =item B<SSL_METHOD> (SSL Method) |
317 |
306 |
318 That's a dispatch structure describing the internal B<ssl> library |
307 That's a dispatch structure describing the internal B<ssl> library |
319 -methods/functions which implement the various protocol versions (SSLv1, SSLv2 |
308 -methods/functions which implement the various protocol versions (SSLv1, SSLv2 |
320 -and TLSv1). It's needed to create an B<SSL_CTX>. |
309 -and TLSv1). It's needed to create an B<SSL_CTX>. |
321 +methods/functions which implement the various protocol versions (SSLv3 |
310 +methods/functions which implement the various protocol versions (SSLv3, |
322 +TLSv1, ...). It's needed to create an B<SSL_CTX>. |
311 +TLSv1, ...). It's needed to create an B<SSL_CTX>. |
323 |
312 |
324 =item B<SSL_CIPHER> (SSL Cipher) |
313 =item B<SSL_CIPHER> (SSL Cipher) |
325 |
314 |
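Review bot: in the SSL_METHOD description, one revision's added line ends "(SSLv3" with no comma before the continuation "TLSv1, ...)", so the rendered text reads "(SSLv3 TLSv1, ...)". The other revision has "(SSLv3," and that is the form to keep.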
326 @@ -105,8 +104,8 @@ |
315 @@ -93,7 +93,7 @@ |
|
316 |
|
317 =item B<ssl2.h> |
|
318 |
|
319 -That's the sub header file dealing with the SSLv2 protocol only. |
|
320 +That's the sub header file dealing with the deprecated SSLv2 protocol only. |
|
321 I<Usually you don't have to include it explicitly because |
|
322 it's already included by ssl.h>. |
|
323 |
|
324 @@ -105,8 +105,8 @@ |
327 |
325 |
328 =item B<ssl23.h> |
326 =item B<ssl23.h> |
329 |
327 |
330 -That's the sub header file dealing with the combined use of the SSLv2 and |
328 -That's the sub header file dealing with the combined use of the SSLv2 and |
331 -SSLv3 protocols. |
329 -SSLv3 protocols. |
332 +That's the sub header file dealing with the combined use of different |
330 +That's the sub header file dealing with the combined use of the different |
333 +protocol version. |
331 +protocol versions. |
334 I<Usually you don't have to include it explicitly because |
332 I<Usually you don't have to include it explicitly because |
335 it's already included by ssl.h>. |
333 it's already included by ssl.h>. |
336 |
334 |
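Review bot: the added ssl23.h description in one revision reads "combined use of different protocol version.", which has a singular/plural mismatch. The other revision's "combined use of the different protocol versions." is the correct wording. Since the removed text named the protocols involved (SSLv2 and SSLv3), consider naming the versions this header now covers rather than leaving it as "different".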
337 @@ -132,15 +131,15 @@ |
335 @@ -201,15 +201,15 @@ |
|
336 =item const SSL_METHOD *B<SSLv2_method>(void); |
|
337 |
|
338 Constructor for the SSLv2 SSL_METHOD structure for clients, servers |
|
339 -or both. |
|
340 +or both. (deprecated) |
338 |
341 |
339 =item const SSL_METHOD *B<SSLv2_client_method>(void); |
342 =item const SSL_METHOD *B<SSLv2_client_method>(void); |
340 |
343 |
341 -Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. |
344 -Constructor for the SSLv2 SSL_METHOD structure for clients. |
342 +Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. (deprecated) |
345 +Constructor for the SSLv2 SSL_METHOD structure for clients. (deprecated) |
343 |
346 |
344 =item const SSL_METHOD *B<SSLv2_server_method>(void); |
347 =item const SSL_METHOD *B<SSLv2_server_method>(void); |
345 |
348 |
346 -Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. |
349 -Constructor for the SSLv2 SSL_METHOD structure for servers. |
347 +Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. (deprecated) |
350 +Constructor for the SSLv2 SSL_METHOD structure for servers. (deprecated) |
348 |
351 |
349 =item const SSL_METHOD *B<SSLv2_method>(void); |
352 =back |
350 |
353 |
351 -Constructor for the SSLv2 SSL_METHOD structure for combined client and server. |
354 @@ -234,12 +234,12 @@ |
352 +Constructor for the SSLv2 SSL_METHOD structure for combined client and server. (deprecated) |
|
353 |
|
354 =item const SSL_METHOD *B<SSLv3_client_method>(void); |
|
355 |
|
356 @@ -189,12 +188,12 @@ |
|
357 =item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); |
355 =item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); |
358 |
356 |
359 Return the internal name of I<cipher> as a string. These are the various |
357 Return the internal name of I<cipher> as a string. These are the various |
360 -strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> |
358 -strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> |
361 +strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> |
359 +strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> |
392 |
390 |
393 =item B<-V> |
391 =item B<-V> |
394 |
392 |
395 @@ -42,10 +38,6 @@ |
393 @@ -42,10 +38,6 @@ |
396 |
394 |
397 only include SSL v3 ciphers. |
395 This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. |
398 |
396 |
399 -=item B<-ssl2> |
397 -=item B<-ssl2> |
400 - |
398 - |
401 -only include SSL v2 ciphers. |
399 -Only include SSLv2 ciphers. |
402 - |
400 - |
403 =item B<-tls1> |
401 =item B<-h>, B<-?> |
404 |
402 |
405 only include TLS v1 ciphers. |
403 Print a brief usage message. |
406 @@ -246,9 +232,9 @@ |
404 @@ -255,9 +247,9 @@ |
407 ciphers suites using FORTEZZA key exchange, authentication, encryption or all |
405 ciphers suites using FORTEZZA key exchange, authentication, encryption or all |
408 FORTEZZA algorithms. Not implemented. |
406 FORTEZZA algorithms. Not implemented. |
409 |
407 |
410 -=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2> |
408 -=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2> |
411 +=item B<TLSv1.2>, B<TLSv1>, B<SSLV3> |
409 +=item B<TLSv1.2>, B<TLSv1>, B<SSLv3> |
412 |
410 |
413 -TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note: |
411 -TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note: |
414 +TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note: |
412 +TLS v1.2, TLS v1.0, or SSL v3.0 cipher suites respectively. Note: |
415 there are no ciphersuites specific to TLS v1.1. |
413 there are no ciphersuites specific to TLS v1.1. |
416 |
414 |
417 =item B<AES128>, B<AES256>, B<AES> |
415 =item B<AES128>, B<AES256>, B<AES> |
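Review bot: the added =item line in one revision spells the cipher string keyword B<SSLV3> with a capital V, while the removed line, the other revision and the rest of the page use B<SSLv3>. Keep B<SSLv3> so the documented keyword matches what the removed line documented.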
418 @@ -569,16 +555,6 @@ |
416 @@ -578,16 +570,6 @@ |
419 TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA |
417 TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA |
420 TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA |
418 TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA |
421 |
419 |
422 -=head2 Deprecated SSL v2.0 cipher suites. |
420 -=head2 Deprecated SSL v2.0 cipher suites. |
423 - |
421 - |
424 - SSL_CK_RC4_128_WITH_MD5 RC4-MD5 |
422 - SSL_CK_RC4_128_WITH_MD5 RC4-MD5 |
425 - SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 |
423 - SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. |
426 - SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 |
424 - SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5 |
427 - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 |
425 - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. |
428 - SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 |
426 - SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 |
429 - SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 |
427 - SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. |
430 - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 |
428 - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 |
431 - |
429 - |
432 =head1 NOTES |
430 =head1 NOTES |
433 |
431 |
434 The non-ephemeral DH modes are currently unimplemented in OpenSSL |
432 The non-ephemeral DH modes are currently unimplemented in OpenSSL |
435 --- openssl-1.0.1/doc/apps/s_client.pod Thu Mar 19 06:37:10 2015 |
433 --- openssl-1.0.1/doc/apps/s_client.pod Tue Mar 1 05:40:03 2016 |
436 +++ openssl-1.0.1/doc/apps/s_client.pod.new Tue May 26 12:15:40 2015 |
434 +++ openssl-1.0.1/doc/apps/s_client.pod.new Tue Mar 1 15:37:40 2016 |
437 @@ -31,10 +31,8 @@ |
435 @@ -32,10 +32,8 @@ |
438 [B<-ign_eof>] |
436 [B<-ign_eof>] |
439 [B<-no_ign_eof>] |
437 [B<-no_ign_eof>] |
440 [B<-quiet>] |
438 [B<-quiet>] |
441 -[B<-ssl2>] |
439 -[B<-ssl2>] |
442 [B<-ssl3>] |
440 [B<-ssl3>] |
443 [B<-tls1>] |
441 [B<-tls1>] |
444 -[B<-no_ssl2>] |
442 -[B<-no_ssl2>] |
445 [B<-no_ssl3>] |
443 [B<-no_ssl3>] |
446 [B<-no_tls1>] |
444 [B<-no_tls1>] |
447 [B<-bugs>] |
445 [B<-bugs>] |
448 @@ -196,11 +196,11 @@ |
446 @@ -197,7 +195,7 @@ |
449 given as a hexadecimal number without leading 0x, for example -psk |
447 given as a hexadecimal number without leading 0x, for example -psk |
450 1a2b3c4d. |
448 1a2b3c4d. |
451 |
449 |
452 -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> |
450 -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> |
453 +=item B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> |
451 +=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> |
454 |
452 |
455 these options disable the use of certain SSL or TLS protocols. By default |
453 These options require or disable the use of the specified SSL or TLS protocols. |
456 the initial handshake uses a method which should be compatible with all |
454 By default the initial handshake uses a I<version-flexible> method which will |
457 -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. |
455 @@ -215,10 +213,6 @@ |
458 +servers and permit them to use SSL v3 or TLS as appropriate. |
|
459 |
|
460 Unfortunately there are a lot of ancient and broken servers in use which |
|
461 cannot handle this technique and will fail to connect. Some servers only |
|
462 @@ -219,10 +219,6 @@ |
|
463 supported cipher in the list sent by the client. See the B<ciphers> |
456 supported cipher in the list sent by the client. See the B<ciphers> |
464 command for more information. |
457 command for more information. |
465 |
458 |
466 -=item B<-serverpref> |
459 -=item B<-serverpref> |
467 - |
460 - |
468 -use the server's cipher preferences; only used for SSLV2. |
461 -use the server's cipher preferences; only used for SSLV2. |
469 - |
462 - |
470 =item B<-starttls protocol> |
463 =item B<-starttls protocol> |
471 |
464 |
472 send the protocol-specific message(s) to switch to TLS for communication. |
465 send the protocol-specific message(s) to switch to TLS for communication. |
473 @@ -299,8 +295,8 @@ |
466 @@ -295,8 +289,8 @@ |
474 then an HTTP command can be given such as "GET /" to retrieve a web page. |
467 then an HTTP command can be given such as "GET /" to retrieve a web page. |
475 |
468 |
476 If the handshake fails then there are several possible causes, if it is |
469 If the handshake fails then there are several possible causes, if it is |
477 -nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, |
470 -nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, |
478 -B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried |
471 -B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried |
479 +nothing obvious like no client certificate then the B<-bugs>, |
472 +nothing obvious like no client certificate then the B<-bugs>, |
480 +B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried |
473 +B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried |
481 in case it is a buggy server. In particular you should play with these |
474 in case it is a buggy server. In particular you should play with these |
482 options B<before> submitting a bug report to an OpenSSL mailing list. |
475 options B<before> submitting a bug report to an OpenSSL mailing list. |
483 |
476 |
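Review bot: the troubleshooting paragraph still lists only B<-ssl3>, B<-tls1>, B<-no_ssl3> and B<-no_tls1> after B<-ssl2> and B<-no_ssl2> are dropped, although the =item line in the later revision of this file also documents B<-tls1_1>, B<-tls1_2>, B<-no_tls1_1> and B<-no_tls1_2>. Since this sentence is being edited anyway, extend the list to match the documented options or refer to the protocol options generally.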
484 @@ -322,10 +318,6 @@ |
477 @@ -318,10 +312,6 @@ |
485 If there are problems verifying a server certificate then the |
478 If there are problems verifying a server certificate then the |
486 B<-showcerts> option can be used to show the whole chain. |
479 B<-showcerts> option can be used to show the whole chain. |
487 |
480 |
488 -Since the SSLv23 client hello cannot include compression methods or extensions |
481 -Since the SSLv23 client hello cannot include compression methods or extensions |
489 -these will only be supported if its use is disabled, for example by using the |
482 -these will only be supported if its use is disabled, for example by using the |
490 -B<-no_sslv2> option. |
483 -B<-no_sslv2> option. |
491 - |
484 - |
492 The B<s_client> utility is a test tool and is designed to continue the |
485 The B<s_client> utility is a test tool and is designed to continue the |
493 handshake after any certificate verification errors. As a result it will |
486 handshake after any certificate verification errors. As a result it will |
494 accept any certificate chain (trusted or not) sent by the peer. None test |
487 accept any certificate chain (trusted or not) sent by the peer. None test |
495 --- openssl-1.0.1/doc/apps/s_server.pod Thu Mar 19 06:37:10 2015 |
488 --- openssl-1.0.1/doc/apps/s_server.pod Tue Mar 1 05:40:03 2016 |
496 +++ openssl-1.0.1/doc/apps/s_server.pod.new Tue May 26 12:15:02 2015 |
489 +++ openssl-1.0.1/doc/apps/s_server.pod.new Tue Mar 1 15:38:50 2016 |
497 @@ -38,10 +38,8 @@ |
490 @@ -39,10 +39,8 @@ |
498 [B<-serverpref>] |
491 [B<-serverpref>] |
499 [B<-quiet>] |
492 [B<-quiet>] |
500 [B<-no_tmp_rsa>] |
493 [B<-no_tmp_rsa>] |
501 -[B<-ssl2>] |
494 -[B<-ssl2>] |
502 [B<-ssl3>] |
495 [B<-ssl3>] |
503 [B<-tls1>] |
496 [B<-tls1>] |
504 -[B<-no_ssl2>] |
497 -[B<-no_ssl2>] |
505 [B<-no_ssl3>] |
498 [B<-no_ssl3>] |
506 [B<-no_tls1>] |
499 [B<-no_tls1>] |
507 [B<-no_dhe>] |
500 [B<-no_dhe>] |
508 @@ -216,11 +216,11 @@ |
501 @@ -221,7 +219,7 @@ |
509 given as a hexadecimal number without leading 0x, for example -psk |
502 given as a hexadecimal number without leading 0x, for example -psk |
510 1a2b3c4d. |
503 1a2b3c4d. |
511 |
504 |
512 -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> |
505 -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> |
513 +=item B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> |
506 +=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> |
514 |
507 |
515 these options disable the use of certain SSL or TLS protocols. By default |
508 These options require or disable the use of the specified SSL or TLS protocols. |
516 the initial handshake uses a method which should be compatible with all |
509 By default the initial handshake uses a I<version-flexible> method which will |
517 -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. |
|
518 +servers and permit them to use SSL v3 or TLS as appropriate. |
|
519 |
|
520 =item B<-bugs> |
|
521 |
|
522 --- openssl-1.0.1/doc/apps/s_time.pod Thu Jan 15 06:43:49 2015 |
510 --- openssl-1.0.1/doc/apps/s_time.pod Thu Jan 15 06:43:49 2015 |
523 +++ openssl-1.0.1/doc/apps/s_time.pod.new Tue May 26 12:20:09 2015 |
511 +++ openssl-1.0.1/doc/apps/s_time.pod.new Tue May 26 12:20:09 2015 |
524 @@ -19,7 +19,6 @@ |
512 @@ -19,7 +19,6 @@ |
525 [B<-verify depth>] |
513 [B<-verify depth>] |
526 [B<-nbio>] |
514 [B<-nbio>] |