diff options
author | Nikos <nmav@crystal.(none)> | 2008-03-29 13:19:10 +0200 |
---|---|---|
committer | Nikos <nmav@crystal.(none)> | 2008-03-29 13:20:07 +0200 |
commit | 25fa1b5f9ad53dd8c9d5937b5a246337270ebc31 (patch) | |
tree | 5b31eaab6be9a6d1b14e7b49e51cbd94aa06c5a7 | |
parent | 875334b313d63099ba8fc40b2e70ebeeccee8da6 (diff) | |
download | gnutls-25fa1b5f9ad53dd8c9d5937b5a246337270ebc31.tar.gz |
documented the --priority option.
-rw-r--r-- | doc/manpages/gnutls-cli.1 | 76 | ||||
-rw-r--r-- | doc/manpages/gnutls-serv.1 | 75 |
2 files changed, 122 insertions, 29 deletions
diff --git a/doc/manpages/gnutls-cli.1 b/doc/manpages/gnutls-cli.1 index 1b582fc931..aae7f08ca0 100644 --- a/doc/manpages/gnutls-cli.1 +++ b/doc/manpages/gnutls-cli.1 @@ -26,25 +26,71 @@ is received. Prints the program's version number. .SS TLS/SSL control options -.IP "\-\-ciphers \fIcipher1 cipher2...\fR" -Ciphers to enable (use \fBgnutls\-cli \-\-list\fR to show the -supported ciphers). -.IP "\-\-comp \fIcomp1 comp2...\fR" -Compression methods to enable (use \fBgnutls\-cli \-\-list\fR to show -the supported compression methods). +.IP "\-\-priority \fIPRIORITY STRING\fR" +TLS algorithms and protocols to enable. +Unless the first keyword is "NONE" the defaults are: +.IP +Protocols: TLS1.1, TLS1.0, and SSL3.0. +.IP +Compression: NULL. +.IP +Certificate types: X.509, OpenPGP. +.IP +You can also use predefined sets of ciphersuites such as: +.IP +.B "PERFORMANCE" +all the "secure" ciphersuites are enabled, limited to 128 bit +ciphers and sorted by terms of speed performance. +.IP +.B "NORMAL" +option enables all "secure" ciphersuites. The 256-bit ciphers +are included as a fallback only. The ciphers are sorted by security +margin. +.IP +.B "SECURE128" +flag enables all "secure" ciphersuites with ciphers up to +128 bits, sorted by security margin. +.IP +.B "SECURE256" +flag enables all "secure" ciphersuites including the 256 bit +ciphers, sorted by security margin. +.IP +.B "EXPORT" +all the ciphersuites are enabled, including the +low-security 40 bit ciphers. +.IP +.B "NONE" +nothing is enabled. This disables even protocols and +compression methods. +.IP +.IP +Special keywords: +.IP +'!' or '-' appended with an algorithm will remove this algorithm. +.IP +'+' appended with an algorithm will add this algorithm. +.IP +'%COMPAT' will enable compatibility features for a server. +.IP +To avoid collisions in order to specify a compression algorithm in +this string you have to prefix it with "COMP-", protocol versions +with "VERS-" and certificate types with "CTYPE-". All other +algorithms don't need a prefix. +.IP +.B Examples: +.IP +"NORMAL" +.IP +"NORMAL:%COMPAT" +.IP +"NORMAL:!AES-128-CBC" +.IP +"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL" + .IP "\-\-crlf" Send CR LF instead of LF. -.IP "\-\-ctypes \fIcertType1 certType2...\fR" -Certificate types to enable (use \fBgnutls\-cli \-\-list\fR to show -the supported certificate types). .IP "\-f, \-\-fingerprint" Send the openpgp fingerprint, instead of the key. -.IP "\-\-kx \fIkx1 kx2...\fR" -Key exchange methods to enable (use \fBgnutls\-cli \-\-list\fR to show -the supported key exchange methods). -.IP "\-\-macs \fImac1 mac2...\fR" -MACs (Message Authentication Codes) to enable (use \fBgnutls\-cli -\-\-list\fR to show the supported MACs). .IP "\-p, \-\-port \fIinteger\fR" The port to connect to. .IP "\-\-protocols \fIprotocol1 protocol2...\fR" diff --git a/doc/manpages/gnutls-serv.1 b/doc/manpages/gnutls-serv.1 index b2cc143aa4..c4da337734 100644 --- a/doc/manpages/gnutls-serv.1 +++ b/doc/manpages/gnutls-serv.1 @@ -31,27 +31,74 @@ Act as an HTTP Server. Act as an Echo Server. .SS TLS/SSL control options -.IP "\-\-ciphers \fIcipher1 cipher2...\fR" -Ciphers to enable (use \fBgnutls\-cli \-\-list\fR to show the -supported ciphers). -.IP "\-\-comp \fIcomp1 comp2...\fR" -Compression methods to enable (use \fBgnutls\-cli \-\-list\fR to show -the supported compression methods). -.IP "\-\-ctypes \fIcertType1 certType2...\fR" -Certificate types to enable. +.IP "\-\-priority \fIPRIORITY STRING\fR" +TLS algorithms and protocols to enable. +Unless the first keyword is "NONE" the defaults are: +.IP +Protocols: TLS1.1, TLS1.0, and SSL3.0. +.IP +Compression: NULL. +.IP +Certificate types: X.509, OpenPGP. +.IP +You can also use predefined sets of ciphersuites such as: +.IP +.B "PERFORMANCE" +all the "secure" ciphersuites are enabled, limited to 128 bit +ciphers and sorted by terms of speed performance. +.IP +.B "NORMAL" +option enables all "secure" ciphersuites. The 256-bit ciphers +are included as a fallback only. The ciphers are sorted by security +margin. +.IP +.B "SECURE128" +flag enables all "secure" ciphersuites with ciphers up to +128 bits, sorted by security margin. +.IP +.B "SECURE256" +flag enables all "secure" ciphersuites including the 256 bit +ciphers, sorted by security margin. +.IP +.B "EXPORT" +all the ciphersuites are enabled, including the +low-security 40 bit ciphers. +.IP +.B "NONE" +nothing is enabled. This disables even protocols and +compression methods. +.IP +.IP +Special keywords: +.IP +'!' or '-' appended with an algorithm will remove this algorithm. +.IP +'+' appended with an algorithm will add this algorithm. +.IP +'%COMPAT' will enable compatibility features for a server. +.IP +To avoid collisions in order to specify a compression algorithm in +this string you have to prefix it with "COMP-", protocol versions +with "VERS-" and certificate types with "CTYPE-". All other +algorithms don't need a prefix. +.IP +.B Examples: +.IP +"NORMAL" +.IP +"NORMAL:%COMPAT" +.IP +"NORMAL:!AES-128-CBC" +.IP +"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL" + .IP "\-g, \-\-generate" Generate Diffie Hellman Parameters. .IP "\-\-kx \fIkx1 kx2...\fR" Key exchange methods to enable (use \fBgnutls\-cli \-\-list\fR to show the supported key exchange methods). -.IP "\-\-macs \fImac1 mac2...\fR" -MACs (Message Authentication Codes) to enable (use \fBgnutls\-cli -\-\-list\fR to show the supported MACs). .IP "\-p, \-\-port \fIinteger\fR" The port to connect to. -.IP "\-\-protocols \fIprotocol1 protocol2...\fR" -Protocols to enable (use \fBgnutls\-cli \-\-list\fR to show the -supported protocols). .SS Certificate options .IP "\-\-pgpcertfile \fIFILE\fR" |