CMSCOPE changed

1 files changed, 531 insertions, 0 deletions

diff --git a/usr/man/man1/ciphers.1 b/usr/man/man1/ciphers.1
new file mode 100755
index 000000000..47bb0cb92
--- /dev/null
+++ b/usr/man/man1/ciphers.1
@@ -0,0 +1,531 @@
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CIPHERS 1"
+.TH CIPHERS 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ciphers \- SSL cipher display and cipher list tool.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBciphers\fR
+[\fB\-v\fR]
+[\fB\-ssl2\fR]
+[\fB\-ssl3\fR]
+[\fB\-tls1\fR]
+[\fBcipherlist\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered
+\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-v\fR" 4
+.IX Item "-v"
+verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange,
+authentication, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher.
+Note that without the \fB\-v\fR option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+\&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1.
+.IP "\fB\-ssl3\fR" 4
+.IX Item "-ssl3"
+only include \s-1SSL\s0 v3 ciphers.
+.IP "\fB\-ssl2\fR" 4
+.IX Item "-ssl2"
+only include \s-1SSL\s0 v2 ciphers.
+.IP "\fB\-tls1\fR" 4
+.IX Item "-tls1"
+only include \s-1TLS\s0 v1 ciphers.
+.IP "\fB\-h\fR, \fB\-?\fR" 4
+.IX Item "-h, -?"
+print a brief usage message.
+.IP "\fBcipherlist\fR" 4
+.IX Item "cipherlist"
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+.SH "CIPHER LIST FORMAT"
+.IX Header "CIPHER LIST FORMAT"
+The cipher list consists of one or more \fIcipher strings\fR separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+.PP
+The actual cipher string can take several different forms.
+.PP
+It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR.
+.PP
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers
+suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3
+algorithms.
+.PP
+Lists of cipher suites can be combined in a single cipher string using the
+\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0
+algorithms.
+.PP
+Each cipher string can be optionally preceded by the characters \fB!\fR,
+\&\fB\-\fR or \fB+\fR.
+.PP
+If \fB!\fR is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+.PP
+If \fB\-\fR is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+.PP
+If \fB+\fR is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+.PP
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+.PP
+Additionally the cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+.SH "CIPHER STRINGS"
+.IX Header "CIPHER STRINGS"
+The following is a list of all permitted cipher strings and their meanings.
+.IP "\fB\s-1DEFAULT\s0\fR" 4
+.IX Item "DEFAULT"
+the default cipher list. This is determined at compile time and is normally
+\&\fB\s-1AES:ALL:\s0!aNULL:!eNULL:+RC4:@STRENGTH\fR. This must be the first cipher string
+specified.
+.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4
+.IX Item "COMPLEMENTOFDEFAULT"
+the ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently
+this is \fB\s-1ADH\s0\fR. Note that this rule does not cover \fBeNULL\fR, which is
+not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary).
+.IP "\fB\s-1ALL\s0\fR" 4
+.IX Item "ALL"
+all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled.
+.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4
+.IX Item "COMPLEMENTOFALL"
+the cipher suites not enabled by \fB\s-1ALL\s0\fR, currently being \fBeNULL\fR.
+.IP "\fB\s-1HIGH\s0\fR" 4
+.IX Item "HIGH"
+\&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits, and some cipher suites with 128\-bit keys.
+.IP "\fB\s-1MEDIUM\s0\fR" 4
+.IX Item "MEDIUM"
+\&\*(L"medium\*(R" encryption cipher suites, currently some of those using 128 bit encryption.
+.IP "\fB\s-1LOW\s0\fR" 4
+.IX Item "LOW"
+\&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+but excluding export cipher suites.
+.IP "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4
+.IX Item "EXP, EXPORT"
+export encryption algorithms. Including 40 and 56 bits algorithms.
+.IP "\fB\s-1EXPORT40\s0\fR" 4
+.IX Item "EXPORT40"
+40 bit export encryption algorithms
+.IP "\fB\s-1EXPORT56\s0\fR" 4
+.IX Item "EXPORT56"
+56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export ciphers is empty unless OpenSSL has been explicitly configured
+with support for experimental ciphers.
+.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4
+.IX Item "eNULL, NULL"
+the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are disabled unless explicitly
+included.
+.IP "\fBaNULL\fR" 4
+.IX Item "aNULL"
+the cipher suites offering no authentication. This is currently the anonymous
+\&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R"
+attack and so their use is normally discouraged.
+.IP "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4
+.IX Item "kRSA, RSA"
+cipher suites using \s-1RSA\s0 key exchange.
+.IP "\fBkEDH\fR" 4
+.IX Item "kEDH"
+cipher suites using ephemeral \s-1DH\s0 key agreement.
+.IP "\fBkDHr\fR, \fBkDHd\fR" 4
+.IX Item "kDHr, kDHd"
+cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0
+and \s-1DSS\s0 keys respectively. Not implemented.
+.IP "\fBaRSA\fR" 4
+.IX Item "aRSA"
+cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys.
+.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4
+.IX Item "aDSS, DSS"
+cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys.
+.IP "\fBaDH\fR" 4
+.IX Item "aDH"
+cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry
+\&\s-1DH\s0 keys.  Not implemented.
+.IP "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4
+.IX Item "kFZA, aFZA, eFZA, FZA"
+ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all
+\&\s-1FORTEZZA\s0 algorithms. Not implemented.
+.IP "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4
+.IX Item "TLSv1, SSLv3, SSLv2"
+\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively.
+.IP "\fB\s-1DH\s0\fR" 4
+.IX Item "DH"
+cipher suites using \s-1DH,\s0 including anonymous \s-1DH.\s0
+.IP "\fB\s-1ADH\s0\fR" 4
+.IX Item "ADH"
+anonymous \s-1DH\s0 cipher suites.
+.IP "\fB\s-1AES\s0\fR" 4
+.IX Item "AES"
+cipher suites using \s-1AES.\s0
+.IP "\fB\s-1CAMELLIA\s0\fR" 4
+.IX Item "CAMELLIA"
+cipher suites using Camellia.
+.IP "\fB3DES\fR" 4
+.IX Item "3DES"
+cipher suites using triple \s-1DES.\s0
+.IP "\fB\s-1DES\s0\fR" 4
+.IX Item "DES"
+cipher suites using \s-1DES \s0(not triple \s-1DES\s0).
+.IP "\fB\s-1RC4\s0\fR" 4
+.IX Item "RC4"
+cipher suites using \s-1RC4.\s0
+.IP "\fB\s-1RC2\s0\fR" 4
+.IX Item "RC2"
+cipher suites using \s-1RC2.\s0
+.IP "\fB\s-1IDEA\s0\fR" 4
+.IX Item "IDEA"
+cipher suites using \s-1IDEA.\s0
+.IP "\fB\s-1SEED\s0\fR" 4
+.IX Item "SEED"
+cipher suites using \s-1SEED.\s0
+.IP "\fB\s-1MD5\s0\fR" 4
+.IX Item "MD5"
+cipher suites using \s-1MD5.\s0
+.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4
+.IX Item "SHA1, SHA"
+cipher suites using \s-1SHA1.\s0
+.SH "CIPHER SUITE NAMES"
+.IX Header "CIPHER SUITE NAMES"
+The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the
+relevant specification and their OpenSSL equivalents. It should be noted,
+that several cipher suite names do not include the authentication used,
+e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used.
+.SS "\s-1SSL\s0 v3.0 cipher suites."
+.IX Subsection "SSL v3.0 cipher suites."
+.Vb 10
+\& SSL_RSA_WITH_NULL_MD5                   NULL\-MD5
+\& SSL_RSA_WITH_NULL_SHA                   NULL\-SHA
+\& SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP\-RC4\-MD5
+\& SSL_RSA_WITH_RC4_128_MD5                RC4\-MD5
+\& SSL_RSA_WITH_RC4_128_SHA                RC4\-SHA
+\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP\-RC2\-CBC\-MD5
+\& SSL_RSA_WITH_IDEA_CBC_SHA               IDEA\-CBC\-SHA
+\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP\-DES\-CBC\-SHA
+\& SSL_RSA_WITH_DES_CBC_SHA                DES\-CBC\-SHA
+\& SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES\-CBC3\-SHA
+\&
+\& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+\& SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+\& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+\& SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP\-EDH\-DSS\-DES\-CBC\-SHA
+\& SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH\-DSS\-CBC\-SHA
+\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH\-DSS\-DES\-CBC3\-SHA
+\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP\-EDH\-RSA\-DES\-CBC\-SHA
+\& SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH\-RSA\-DES\-CBC\-SHA
+\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH\-RSA\-DES\-CBC3\-SHA
+\&
+\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP\-ADH\-RC4\-MD5
+\& SSL_DH_anon_WITH_RC4_128_MD5            ADH\-RC4\-MD5
+\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP\-ADH\-DES\-CBC\-SHA
+\& SSL_DH_anon_WITH_DES_CBC_SHA            ADH\-DES\-CBC\-SHA
+\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH\-DES\-CBC3\-SHA
+\&
+\& SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
+.Ve
+.SS "\s-1TLS\s0 v1.0 cipher suites."
+.IX Subsection "TLS v1.0 cipher suites."
+.Vb 10
+\& TLS_RSA_WITH_NULL_MD5                   NULL\-MD5
+\& TLS_RSA_WITH_NULL_SHA                   NULL\-SHA
+\& TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP\-RC4\-MD5
+\& TLS_RSA_WITH_RC4_128_MD5                RC4\-MD5
+\& TLS_RSA_WITH_RC4_128_SHA                RC4\-SHA
+\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP\-RC2\-CBC\-MD5
+\& TLS_RSA_WITH_IDEA_CBC_SHA               IDEA\-CBC\-SHA
+\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP\-DES\-CBC\-SHA
+\& TLS_RSA_WITH_DES_CBC_SHA                DES\-CBC\-SHA
+\& TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES\-CBC3\-SHA
+\&
+\& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+\& TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+\& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+\& TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP\-EDH\-DSS\-DES\-CBC\-SHA
+\& TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH\-DSS\-CBC\-SHA
+\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH\-DSS\-DES\-CBC3\-SHA
+\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP\-EDH\-RSA\-DES\-CBC\-SHA
+\& TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH\-RSA\-DES\-CBC\-SHA
+\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH\-RSA\-DES\-CBC3\-SHA
+\&
+\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP\-ADH\-RC4\-MD5
+\& TLS_DH_anon_WITH_RC4_128_MD5            ADH\-RC4\-MD5
+\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP\-ADH\-DES\-CBC\-SHA
+\& TLS_DH_anon_WITH_DES_CBC_SHA            ADH\-DES\-CBC\-SHA
+\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH\-DES\-CBC3\-SHA
+.Ve
+.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0"
+.IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0"
+.Vb 2
+\& TLS_RSA_WITH_AES_128_CBC_SHA            AES128\-SHA
+\& TLS_RSA_WITH_AES_256_CBC_SHA            AES256\-SHA
+\&
+\& TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
+\& TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
+\& TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
+\& TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.
+\&
+\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE\-DSS\-AES128\-SHA
+\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE\-DSS\-AES256\-SHA
+\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE\-RSA\-AES128\-SHA
+\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE\-RSA\-AES256\-SHA
+\&
+\& TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH\-AES128\-SHA
+\& TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH\-AES256\-SHA
+.Ve
+.SS "Camellia ciphersuites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0"
+.IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0"
+.Vb 2
+\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128\-SHA
+\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256\-SHA
+\&
+\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
+\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
+\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
+\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
+\&
+\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE\-DSS\-CAMELLIA128\-SHA
+\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE\-DSS\-CAMELLIA256\-SHA
+\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE\-RSA\-CAMELLIA128\-SHA
+\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE\-RSA\-CAMELLIA256\-SHA
+\&
+\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH\-CAMELLIA128\-SHA
+\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH\-CAMELLIA256\-SHA
+.Ve
+.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0"
+.IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0"
+.Vb 1
+\& TLS_RSA_WITH_SEED_CBC_SHA              SEED\-SHA
+\&
+\& TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
+\& TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.
+\&
+\& TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE\-DSS\-SEED\-SHA
+\& TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE\-RSA\-SEED\-SHA
+\&
+\& TLS_DH_anon_WITH_SEED_CBC_SHA          ADH\-SEED\-SHA
+.Ve
+.SS "Additional Export 1024 and other cipher suites"
+.IX Subsection "Additional Export 1024 and other cipher suites"
+Note: these ciphers can also be used in \s-1SSL\s0 v3.
+.PP
+.Vb 5
+\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024\-DES\-CBC\-SHA
+\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024\-RC4\-SHA
+\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024\-DHE\-DSS\-DES\-CBC\-SHA
+\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024\-DHE\-DSS\-RC4\-SHA
+\& TLS_DHE_DSS_WITH_RC4_128_SHA            DHE\-DSS\-RC4\-SHA
+.Ve
+.SS "\s-1SSL\s0 v2.0 cipher suites."
+.IX Subsection "SSL v2.0 cipher suites."
+.Vb 7
+\& SSL_CK_RC4_128_WITH_MD5                 RC4\-MD5
+\& SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP\-RC4\-MD5
+\& SSL_CK_RC2_128_CBC_WITH_MD5             RC2\-MD5
+\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP\-RC2\-MD5
+\& SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA\-CBC\-MD5
+\& SSL_CK_DES_64_CBC_WITH_MD5              DES\-CBC\-MD5
+\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES\-CBC3\-MD5
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The non-ephemeral \s-1DH\s0 modes are currently unimplemented in OpenSSL
+because there is no support for \s-1DH\s0 certificates.
+.PP
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq
+.Ve
+.PP
+Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by
+strength:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq
+.Ve
+.PP
+Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq
+.Ve
+.PP
+Include all \s-1RC4\s0 ciphers but leave out those without authentication:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq
+.Ve
+.PP
+Include all chiphers with \s-1RSA\s0 authentication but leave out ciphers without
+encryption.
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options were
+added in version 0.9.7.