more details to ssl libs
authorAdi Kriegisch <adi@kriegisch.at>
Mon, 16 Dec 2013 20:24:05 +0000 (21:24 +0100)
committerAdi Kriegisch <adi@kriegisch.at>
Mon, 16 Dec 2013 20:24:05 +0000 (21:24 +0100)
src/ssllibs.tex

index 8c0cb3d..04a41c5 100644 (file)
@@ -41,23 +41,24 @@ your systems support on how you may get the most security out of your systems.
 Choosing cipher strings requires the use of an intermediate language that allows selection
 and deselection of ciphers, key exchange mechanisms, MACs and combinations of those.
 Common combinators consist of \texttt{+}, \texttt{-} and \texttt{!}
-\begin{center}
 
+\begin{center}
 \begin{tabular}{rll}
 \toprule
 \textbf{combinator} & \textbf{effect}                   & \textbf{example}\\\cmidrule(lr){1-3}
-           \verb|+| & add at this position              & \verb|+SHA256|      \\
-           \verb|-| & remove at the current position    & \verb|-SSLv3|       \\
-           \verb|!| & permanently remove from selection & \verb|!3DES|        \\
- (OpenSSL) \verb|@| & special command                   & \verb|@STRENGTH|    \\
-  (GnuTLS) \verb|%| & special command                   & \verb|%NEW_PADDING| \\
+           \verb|+| & add at this position              & \verb|ALL:+SHA256|        \\
+           \verb|-| & remove at the current position    & \verb|ALL:-SSLv3|         \\
+           \verb|!| & permanently remove from selection & \verb|ALL:!3DES:!RC4|     \\
+ (OpenSSL) \verb|@| & special command                   & \verb|ALL@STRENGTH|       \\
+  (GnuTLS) \verb|%| & special command                   & \verb|NORMAL%NEW_PADDING| \\
 \bottomrule
 \end{tabular}
 \end{center}
 
-
-%http://www.gnutls.org/manual/html_node/Priority-Strings.html
-%https://www.openssl.org/docs/apps/ciphers.html
+A list of special strings to use can be found in
+\url{http://www.gnutls.org/manual/html_node/Priority-Strings.html} for GnuTLS or
+\url{https://www.openssl.org/docs/apps/ciphers.html} for OpenSSL. There is, however, no
+common syntax for a cipher string throughout different SSL libraries.
 
 %%azet: 
 % I think we should neglect this section since we do