1 .\" Automatically generated by Pod::Man version 1.15
2 .\" Wed Feb 19 16:49:31 2003
5 .\" ======================================================================
6 .de Sh \" Subsection heading
14 .de Sp \" Vertical space (when we can't use .PP)
20 .ie \\n(.$>=3 .ne \\$3
24 .de Vb \" Begin verbatim text
29 .de Ve \" End verbatim text
34 .\" Set up some character translations and predefined strings. \*(-- will
35 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
36 .\" double quote, and \*(R" will give a right double quote. | will give a
37 .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
38 .\" to do unbreakable dashes and therefore won't be available. \*(C` and
39 .\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
41 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
45 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
46 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
59 .\" If the F register is turned on, we'll generate index entries on stderr
60 .\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
61 .\" index entries marked with X<> in POD. Of course, you'll have to process
62 .\" the output yourself in some meaningful fashion.
65 . tm Index:\\$1\t\\n%\t"\\$2"
71 .\" For nroff, turn off justification. Always turn off hyphenation; it
72 .\" makes way too many mistakes in technical documents.
76 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
77 .\" Fear. Run. Save yourself. No user-serviceable parts.
79 . \" fudge factors for nroff and troff
88 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
94 . \" simple accents for nroff and troff
104 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
105 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
106 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
107 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
108 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
109 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
111 . \" troff and (daisy-wheel) nroff accents
112 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
113 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
114 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
115 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
116 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
117 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
118 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
119 .ds ae a\h'-(\w'a'u*4/10)'e
120 .ds Ae A\h'-(\w'A'u*4/10)'E
121 . \" corrections for vroff
122 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
123 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
124 . \" for low resolution devices (crt and lpr)
125 .if \n(.H>23 .if \n(.V>19 \
138 .\" ======================================================================
140 .IX Title "CIPHERS 1"
141 .TH CIPHERS 1 "0.9.7a" "2003-02-19" "OpenSSL"
144 ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
146 .IX Header "SYNOPSIS"
147 \&\fBopenssl\fR \fBciphers\fR
154 .IX Header "DESCRIPTION"
155 The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered
156 \&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine
157 the appropriate cipherlist.
158 .SH "COMMAND OPTIONS"
159 .IX Header "COMMAND OPTIONS"
162 verbose option. List ciphers with a complete description of
163 protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange,
164 authentication, encryption and mac algorithms used along with any key size
165 restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher.
166 Note that without the \fB\-v\fR option, ciphers may seem to appear twice
167 in a cipher list; this is when similar ciphers are available for
168 \&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1.
171 only include \s-1SSL\s0 v3 ciphers.
174 only include \s-1SSL\s0 v2 ciphers.
177 only include \s-1TLS\s0 v1 ciphers.
178 .Ip "\fB\-h\fR, \fB\-?\fR" 4
180 print a brief usage message.
181 .Ip "\fBcipherlist\fR" 4
182 .IX Item "cipherlist"
183 a cipher list to convert to a cipher preference list. If it is not included
184 then the default cipher list will be used. The format is described below.
185 .SH "CIPHER LIST FORMAT"
186 .IX Header "CIPHER LIST FORMAT"
187 The cipher list consists of one or more \fIcipher strings\fR separated by colons.
188 Commas or spaces are also acceptable separators but colons are normally used.
190 The actual cipher string can take several different forms.
192 It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR.
194 It can represent a list of cipher suites containing a certain algorithm, or
195 cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers
196 suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3
199 Lists of cipher suites can be combined in a single cipher string using the
200 \&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
201 \&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
204 Each cipher string can be optionally preceded by the characters \fB!\fR,
205 \&\fB-\fR or \fB+\fR.
207 If \fB!\fR is used then the ciphers are permanently deleted from the list.
208 The ciphers deleted can never reappear in the list even if they are
211 If \fB-\fR is used then the ciphers are deleted from the list, but some or
212 all of the ciphers can be added again by later options.
214 If \fB+\fR is used then the ciphers are moved to the end of the list. This
215 option doesn't add any new ciphers it just moves matching existing ones.
217 If none of these characters is present then the string is just interpreted
218 as a list of ciphers to be appended to the current preference list. If the
219 list includes any ciphers already present they will be ignored: that is they
220 will not moved to the end of the list.
222 Additionally the cipher string \fB@STRENGTH\fR can be used at any point to sort
223 the current cipher list in order of encryption algorithm key length.
225 .IX Header "CIPHER STRINGS"
226 The following is a list of all permitted cipher strings and their meanings.
227 .Ip "\fB\s-1DEFAULT\s0\fR" 4
229 the default cipher list. This is determined at compile time and is normally
230 \&\fB\s-1ALL:\s0!ADH:RC4+RSA:+SSLv2:@STRENGTH\fR. This must be the first cipher string
232 .Ip "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4
233 .IX Item "COMPLEMENTOFDEFAULT"
234 the ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently
235 this is \fB\s-1ADH\s0\fR. Note that this rule does not cover \fBeNULL\fR, which is
236 not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary).
237 .Ip "\fB\s-1ALL\s0\fR" 4
239 all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled.
240 .Ip "\fB\s-1COMPLEMENTOFALL\s0\fR" 4
241 .IX Item "COMPLEMENTOFALL"
242 the cipher suites not enabled by \fB\s-1ALL\s0\fR, currently being \fBeNULL\fR.
243 .Ip "\fB\s-1HIGH\s0\fR" 4
245 \&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger
247 .Ip "\fB\s-1MEDIUM\s0\fR" 4
249 \&\*(L"medium\*(R" encryption cipher suites, currently those using 128 bit encryption.
250 .Ip "\fB\s-1LOW\s0\fR" 4
252 \&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
253 but excluding export cipher suites.
254 .Ip "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4
255 .IX Item "EXP, EXPORT"
256 export encryption algorithms. Including 40 and 56 bits algorithms.
257 .Ip "\fB\s-1EXPORT40\s0\fR" 4
259 40 bit export encryption algorithms
260 .Ip "\fB\s-1EXPORT56\s0\fR" 4
262 56 bit export encryption algorithms.
263 .Ip "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4
264 .IX Item "eNULL, NULL"
265 the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no
266 encryption at all and are a security risk they are disabled unless explicitly
270 the cipher suites offering no authentication. This is currently the anonymous
271 \&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R"
272 attack and so their use is normally discouraged.
273 .Ip "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4
275 cipher suites using \s-1RSA\s0 key exchange.
278 cipher suites using ephemeral \s-1DH\s0 key agreement.
279 .Ip "\fBkDHr\fR, \fBkDHd\fR" 4
280 .IX Item "kDHr, kDHd"
281 cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0
282 and \s-1DSS\s0 keys respectively. Not implemented.
285 cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys.
286 .Ip "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4
288 cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys.
291 cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry
292 \&\s-1DH\s0 keys. Not implemented.
293 .Ip "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4
294 .IX Item "kFZA, aFZA, eFZA, FZA"
295 ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all
296 \&\s-1FORTEZZA\s0 algorithms. Not implemented.
297 .Ip "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4
298 .IX Item "TLSv1, SSLv3, SSLv2"
299 \&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively.
300 .Ip "\fB\s-1DH\s0\fR" 4
302 cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0.
303 .Ip "\fB\s-1ADH\s0\fR" 4
305 anonymous \s-1DH\s0 cipher suites.
306 .Ip "\fB\s-1AES\s0\fR" 4
308 cipher suites using \s-1AES\s0.
311 cipher suites using triple \s-1DES\s0.
312 .Ip "\fB\s-1DES\s0\fR" 4
314 cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
315 .Ip "\fB\s-1RC4\s0\fR" 4
317 cipher suites using \s-1RC4\s0.
318 .Ip "\fB\s-1RC2\s0\fR" 4
320 cipher suites using \s-1RC2\s0.
321 .Ip "\fB\s-1IDEA\s0\fR" 4
323 cipher suites using \s-1IDEA\s0.
324 .Ip "\fB\s-1MD5\s0\fR" 4
326 cipher suites using \s-1MD5\s0.
327 .Ip "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4
329 cipher suites using \s-1SHA1\s0.
330 .SH "CIPHER SUITE NAMES"
331 .IX Header "CIPHER SUITE NAMES"
332 The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the
333 relevant specification and their OpenSSL equivalents. It should be noted,
334 that several cipher suite names do not include the authentication used,
335 e.g. \s-1DES-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
336 .Sh "\s-1SSL\s0 v3.0 cipher suites."
337 .IX Subsection "SSL v3.0 cipher suites."
339 \& SSL_RSA_WITH_NULL_MD5 NULL-MD5
340 \& SSL_RSA_WITH_NULL_SHA NULL-SHA
341 \& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
342 \& SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
343 \& SSL_RSA_WITH_RC4_128_SHA RC4-SHA
344 \& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
345 \& SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
346 \& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
347 \& SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
348 \& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
351 \& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
352 \& SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
353 \& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
354 \& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
355 \& SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
356 \& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
357 \& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
358 \& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
359 \& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
360 \& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
361 \& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
362 \& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
365 \& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
366 \& SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
367 \& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
368 \& SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
369 \& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
372 \& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
373 \& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
374 \& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
376 .Sh "\s-1TLS\s0 v1.0 cipher suites."
377 .IX Subsection "TLS v1.0 cipher suites."
379 \& TLS_RSA_WITH_NULL_MD5 NULL-MD5
380 \& TLS_RSA_WITH_NULL_SHA NULL-SHA
381 \& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
382 \& TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
383 \& TLS_RSA_WITH_RC4_128_SHA RC4-SHA
384 \& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
385 \& TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
386 \& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
387 \& TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
388 \& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
391 \& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
392 \& TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
393 \& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
394 \& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
395 \& TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
396 \& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
397 \& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
398 \& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
399 \& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
400 \& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
401 \& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
402 \& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
405 \& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
406 \& TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
407 \& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
408 \& TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
409 \& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
411 .Sh "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0"
412 .IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0"
414 \& TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
415 \& TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
418 \& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA
419 \& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA
420 \& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA
421 \& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA
424 \& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
425 \& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
426 \& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
427 \& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
430 \& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
431 \& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
433 .Sh "Additional Export 1024 and other cipher suites"
434 .IX Subsection "Additional Export 1024 and other cipher suites"
435 Note: these ciphers can also be used in \s-1SSL\s0 v3.
438 \& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
439 \& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
440 \& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
441 \& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
442 \& TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
444 .Sh "\s-1SSL\s0 v2.0 cipher suites."
445 .IX Subsection "SSL v2.0 cipher suites."
447 \& SSL_CK_RC4_128_WITH_MD5 RC4-MD5
448 \& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
449 \& SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
450 \& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
451 \& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
452 \& SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
453 \& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
457 The non-ephemeral \s-1DH\s0 modes are currently unimplemented in OpenSSL
458 because there is no support for \s-1DH\s0 certificates.
460 Some compiled versions of OpenSSL may not include all the ciphers
461 listed here because some ciphers were excluded at compile time.
463 .IX Header "EXAMPLES"
464 Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers:
467 \& openssl ciphers -v 'ALL:eNULL'
469 Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by
473 \& openssl ciphers -v 'ALL:!ADH:@STRENGTH'
475 Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last:
478 \& openssl ciphers -v '3DES:+RSA'
480 Include all \s-1RC4\s0 ciphers but leave out those without authentication:
483 \& openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
485 Include all chiphers with \s-1RSA\s0 authentication but leave out ciphers without
489 \& openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
492 .IX Header "SEE ALSO"
493 s_client(1), s_server(1), ssl(3)
496 The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options were
497 added in version 0.9.7.