diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 344e2188aa42e963864d47cb17854769c2464003..9788fa31f0e44a54a58053615bc289509c052ee3 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -36,9 +36,21 @@ Print a usage message. =item B<-s> -Only list supported ciphers: those consistent with the security level. This -is the actual cipher list an application will support. If this option is -not used then ciphers excluded by the security level will still be listed. +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. +This is closer to the actual cipher list an application will support. + +This program does not set up support for SRP and so SRP based ciphers will +always be excluded when using this option. +PSK ciphers are not enabled by default and it requires the B<-psk> to enable +them. +It also does not change the default list of supported signature algorithms. + +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of DH parameters. + +If this option is not used then all ciphers that match the cipherlist will be +listed. =item B<-psk>