From 57988c83bb4b3f1780f045880ac4a8f36a51c55c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 17 Dec 2020 17:38:17 +0100
Subject: libinterimap: new option SSL_ciphersuites to set the TLSv1.3
 ciphersuites.

Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
---
 doc/interimap.1.md | 12 +++++++-----
 doc/pullimap.1.md  | 12 +++++++-----
 2 files changed, 14 insertions(+), 10 deletions(-)

(limited to 'doc')

diff --git a/doc/interimap.1.md b/doc/interimap.1.md
index ae6224b..2d588ae 100644
--- a/doc/interimap.1.md
+++ b/doc/interimap.1.md
@@ -401,12 +401,14 @@ Valid options are:
     `TLSv1.1`, `TLSv1.2`, and `TLSv1.3`, depending on the OpenSSL
     version used.
 
-*SSL_cipherlist*
+*SSL_cipherlist*, *SSL_ciphersuites*
 
-:   The cipher list to send to the server.  Although the server
-    determines which cipher suite is used, it should take the first
-    supported cipher in the list sent by the client.  See
-    [`ciphers`(1ssl)] for more information.
+:   Sets the TLSv1.2 and below cipher list resp. TLSv1.3 cipher suites.
+    The combination of these lists is sent to the server, which then
+    determines which cipher to use (normally the first supported one
+    from the list sent by the client).  The default suites depend on the
+    OpenSSL version and its configuration, see [`ciphers`(1ssl)] for
+    more information.
 
 *SSL_fingerprint*
 
diff --git a/doc/pullimap.1.md b/doc/pullimap.1.md
index b0bc2fd..89969b2 100644
--- a/doc/pullimap.1.md
+++ b/doc/pullimap.1.md
@@ -220,12 +220,14 @@ Valid options are:
     `TLSv1.1`, `TLSv1.2`, and `TLSv1.3`, depending on the OpenSSL
     version used.
 
-*SSL_cipherlist*
+*SSL_cipherlist*, *SSL_ciphersuites*
 
-:   The cipher list to send to the server.  Although the server
-    determines which cipher suite is used, it should take the first
-    supported cipher in the list sent by the client.  See
-    [`ciphers`(1ssl)] for more information.
+:   Sets the TLSv1.2 and below cipher list resp. TLSv1.3 cipher suites.
+    The combination of these lists is sent to the server, which then
+    determines which cipher to use (normally the first supported one
+    from the list sent by the client).  The default suites depend on the
+    OpenSSL version and its configuration, see [`ciphers`(1ssl)] for
+    more information.
 
 *SSL_fingerprint*
 
-- 
cgit v1.2.3