From dd3430a6e91d236e4e72ee6f214faba6d5d19e59 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Tue, 19 Sep 2000 23:10:32 +0000
Subject: [PATCH] Extend the docs on setting the cipher list.  Lutz Jaenicke
 <Lutz.Jaenicke@aet.TU-Cottbus.DE>

---
 doc/ssl/SSL_CTX_set_cipher_list.pod | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
index b8c1a3ff96..272d6b3de2 100644
--- a/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -30,6 +30,15 @@ corresponding ciphers are not compiled in or because they are mistyped,
 are simply ignored. Failure is only flagged if no ciphers could be collected
 at all.
 
+It should be noted, that inclusion of a cipher to be used into the list is
+a necessary condition. On the client side, the inclusion into the list is
+also sufficient. On the server side, additional restrictions apply. All ciphers
+have additional requirements. ADH ciphers don't need a certificate, but
+DH-parameters must have been set. All other ciphers need a corresponding
+certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
+available, the respective is valid for DSA ciphers. Ciphers using EDH need
+a certificate and key and DH-parameters.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
-- 
GitLab