From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Sun, 3 Feb 2019 18:35:25 +0000 (+0000)
Subject: DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
X-Git-Tag: v2.0-dev1~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cf7c1eb6123bce935f592844a4638d74b462aae;p=thirdparty%2Fhaproxy.git

DOC: ssl: Clarify when pre TLSv1.3 cipher can be used

This is mainly driven by the fact TLSv1.3 will have a successor at some
point.
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index fe5eb25076..9d366b9c7e 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1027,7 +1027,7 @@ setenv <name> <value>
 ssl-default-bind-ciphers <ciphers>
   This setting is only available when support for OpenSSL was built in. It sets
   the default string describing the list of cipher algorithms ("cipher suite")
-  that are negotiated during the SSL/TLS handshake except for TLSv1.3 for all
+  that are negotiated during the SSL/TLS handshake up to TLSv1.2 for all
   "bind" lines which do not explicitly define theirs. The format of the string
   is defined in "man 1 ciphers" from OpenSSL man pages, and can be for instance
   a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without quotes). For
@@ -1059,7 +1059,7 @@ ssl-default-bind-options [<option>]...
 ssl-default-server-ciphers <ciphers>
   This setting is only available when support for OpenSSL was built in. It
   sets the default string describing the list of cipher algorithms that are
-  negotiated during the SSL/TLS handshake except for TLSv1.3 with the server,
+  negotiated during the SSL/TLS handshake up to TLSv1.2 with the server,
   for all "server" lines which do not explicitly define theirs. The format of
   the string is defined in "man 1 ciphers". For TLSv1.3 cipher configuration,
   please check the "ssl-default-server-ciphersuites" keyword. Please check the
@@ -10893,7 +10893,7 @@ ca-sign-pass <passphrase>
 ciphers <ciphers>
   This setting is only available when support for OpenSSL was built in. It sets
   the string describing the list of cipher algorithms ("cipher suite") that are
-  negotiated during the SSL/TLS handshake except for TLSv1.3. The format of the
+  negotiated during the SSL/TLS handshake up to TLSv1.2. The format of the
   string is defined in "man 1 ciphers" from OpenSSL man pages, and can be for
   instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" (without
   quotes). Depending on the compatibility and security requirements, the list