From: Dmitry Eremin-Solenikov Date: Wed, 8 Jan 2020 18:31:32 +0000 (+0300) Subject: doc: document GOST priority options X-Git-Tag: 3.6.12~27^2~6 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=cdaae8ba87cee361128396db3f6b2b3077a0ec89;p=thirdparty%2Fgnutls.git doc: document GOST priority options Signed-off-by: Dmitry Eremin-Solenikov --- diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 74fed786b7..952bd26056 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1420,19 +1420,19 @@ appended with an algorithm will add this algorithm. @multitable @columnfractions .20 .70 @headitem Type @tab Keywords @item Ciphers @tab -Examples are AES-128-GCM, AES-256-GCM, AES-256-CBC; see also +Examples are AES-128-GCM, AES-256-GCM, AES-256-CBC, GOST28147-TC26Z-CNT; see also @ref{tab:ciphers} for more options. Catch all name is CIPHER-ALL which will add all the algorithms from NORMAL priority. @item Key exchange @tab RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS, -PSK, DHE-PSK, ECDHE-PSK, ECDHE-RSA, ECDHE-ECDSA, ANON-ECDH, ANON-DH. The +PSK, DHE-PSK, ECDHE-PSK, ECDHE-RSA, ECDHE-ECDSA, VKO-GOST-12, ANON-ECDH, ANON-DH. Catch all name is KX-ALL which will add all the algorithms from NORMAL priority. Under TLS1.3, the DHE-PSK and ECDHE-PSK strings are equivalent and instruct for a Diffie-Hellman key exchange using the enabled groups. @item MAC @tab -MD5, SHA1, SHA256, SHA384, AEAD (used with +MD5, SHA1, SHA256, SHA384, GOST28147-TC26Z-IMIT, AEAD (used with GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-ALL. @item Compression algorithms @tab @@ -1450,7 +1450,8 @@ SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-ECDSA-SHA1, SIGN-ECDSA-SHA224, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512, -SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-SHA512. +SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-SHA512, +SIGN-GOSTR341001, SIGN-GOSTR341012-256, SIGN-GOSTR341012-512. Catch all which enables all algorithms from NORMAL priority is SIGN-ALL. This option is only considered for TLS 1.2 and later.