SSL_CTX_set_cipher_list: stop mentioning ancient ciphers

Support was removed nearly a decade ago. No need to mention this anymore.

ok jsing

Stop mentioning DSA/DSS

Support for this went away in 2017, but a few things still mentioned DSA
in various contexts. Replace DSA with ECDSA where appropriate and otherwise
delete this. It won't wor

Stop mentioning DSA/DSS

Support for this went away in 2017, but a few things still mentioned DSA
in various contexts. Replace DSA with ECDSA where appropriate and otherwise
delete this. It won't work.

ok jsing

show more ...

Add a small blurb on @SECLEVEL=n

Move unsupported, obsolete ciphers and deprecated aliases out of
the main list of words to make it more readable, even though it
remains long.

Avoid using deprecated aliases in explanations what oth

Move unsupported, obsolete ciphers and deprecated aliases out of
the main list of words to make it more readable, even though it
remains long.

Avoid using deprecated aliases in explanations what other words mean.
Stop documenting aDSS because it is *both* a deprecated alias *and*
no longer matches anything at all.

General direction discussed with jsing@ some time ago.

show more ...

tweak the wording to make it clearer under which conditions exactly
the TLSv1.3 cipher suites are made available, too;
related to ssl_ciph.c rev. 1.115

add the missing sentence "LibreSSL no longer provides any such
cipher suites" to the DES entry and use the same wording for DSS;
OK jsing@

Delete the three sentences listing the ciphers currently included
in LOW, MEDIUM, and HIGH. That's going to change repeatedly and
the extra maintenance effort for keeping it up to date is a waste
be

Delete the three sentences listing the ciphers currently included
in LOW, MEDIUM, and HIGH. That's going to change repeatedly and
the extra maintenance effort for keeping it up to date is a waste
because people can trivially run "openssl ciphers -v LOW" to look
it up. Besides, updating it will usually be forgotten; the LOW
entry was already wrong.
Suggested by jsing@.

show more ...

Document the TLSv1.3 control word, update the description of the
TLSv1 control word, and explain how TLSv1.3 cipher suites can be
configured in LibreSSL and in OpenSSL. While here, also mention
how

Document the TLSv1.3 control word, update the description of the
TLSv1 control word, and explain how TLSv1.3 cipher suites can be
configured in LibreSSL and in OpenSSL. While here, also mention
how users can inspect the DEFAULT list of cipher suites.
Stimulus, feedback and OK from jsing@.

show more ...

spelling; from bryan stenson

Fix typo: ECHD -> ECDH.

From Michael Forney, thanks!

*an* RSA;

Write documentation for the control string parameter from scratch,
collecting the information by inspecting the source code.

found a complete archive of SSLeay-0.4 to SSLeay-0.8.1b tarballs
on the web, so fix up SSLeay HISTORY accordingly

ssl.h HISTORY up to SSLeay 0.8.1b; researched from OpenSSL git

fix .Xr ordering, found with mandoc -Tlint

Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deleting
the read accessors we don't have and fixing the prototypes - the
data type of each and every argument differs in the OpenSSL manua

Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deleting
the read accessors we don't have and fixing the prototypes - the
data type of each and every argument differs in the OpenSSL manuals.
Reference the new page from SSL_set_tmp_ecdh(3) as suggested by jsing@.

show more ...

Add Copyright and license.
Stop talking about export ciphers.
Remove two irrelevant cross references.

move manual pages from doc/ to man/ for consistency with other
libraries, in particular considering that there are unrelated
files in doc/; requested by jsing@ and beck@