Document --ssl-ciphers. Fixes #20

2026-01-01 04:19:02 +00:00 · 2015-01-11 23:38:00 +00:00
parent 6c41e00a5f
commit 40ca4cb396
3 changed files with 33 additions and 0 deletions
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@@ -381,6 +381,20 @@
          use its default certificates.</para>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>--ssl-ciphers <replaceable>cipherlist</replaceable></option> (Specify SSL ciphersuites)
+          <indexterm><primary><option>--ssl-ciphers</option> (Ncat option)</primary></indexterm>
+        </term>
+        <listitem>
+          <para>This option sets the list of ciphersuites that Ncat will use
+            when connecting to servers or when accepting SSL connections from
+            clients. The syntax is described in the OpenSSL ciphers(1) man
+            page, and defaults to
+            <literal>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</literal></para>
+        </listitem>
+      </varlistentry>
    </variablelist>

  </refsect1>
--- a/ncat/docs/ncatguide.xml
+++ b/ncat/docs/ncatguide.xml
@@ -427,6 +427,24 @@ Content-Type: text/html; charset=UTF-8
  checking.
  </para>

+  <para>
+    <indexterm><primary>SSL ciphers</primary><secondary>in Ncat</secondary></indexterm>
+    SSL connections depend on the client and server agreeing on a common
+    ciphersuite: a combination of key exchange, symmetric cipher, and message
+    integrity mechanism. The choice of which ciphersuites to offer (as a
+    client) or accept (as a server) is a matter of choice between the greatest
+    compatibility and the greatest security. The default set, expressed as an
+    OpenSSL cipherlist, is
+    <literal>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</literal>, a reasonable balance
+    between the two ends of the spectrum. To set a different priority or
+    initial choice, use the <option>--ssl-ciphers</option> option.
+    <indexterm><primary><option>--ssl-ciphers</option> (Ncat option)</primary></indexterm>
+    <literallayout>
+      <command>ncat --ssl-ciphers <replaceable>HIGH:!aNULL:!eNULL</replaceable> <replaceable>server</replaceable> 443</command>
+    </literallayout>
+  </para>
+    <indexterm><primary><option>--ssl-ciphers</option> (Ncat option)</primary></indexterm>
+
  <indexterm><primary>SSL</primary><secondary>in Ncat</secondary></indexterm>
  <indexterm><primary>certificate</primary><secondary>automatic generation of</secondary></indexterm>
  <indexterm><primary>certificate</primary><seealso><option>--ssl-cert</option></seealso></indexterm>
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -621,6 +621,7 @@ int main(int argc, char *argv[])
 "      --ssl-key              Specify SSL private key (PEM) for listening\n"
 "      --ssl-verify           Verify trust and domain name of certificates\n"
 "      --ssl-trustfile        PEM file containing trusted SSL certificates\n"
+"      --ssl-ciphers          Cipherlist containing SSL ciphers to use\n"
 #endif
 "      --version              Display Ncat's version information and exit\n"
 "\n"