[Pkg-openssl-devel] Bug#1101008: openssl-ciphers.1ssl: Some remarks about this man page

Bjarni Ingi Gislason bjarniig at simnet.is
Fri Mar 21 17:53:28 GMT 2025 

Package: openssl
Version: 3.4.1-1
Severity: minor
Tags: upstream

   * What led up to the situation?

     Checking for defects with a new version

test-[g|n]roff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z < "man page"

  [Use "groff -e ' $' -e '\\~$' <file>" to find obvious trailing spaces.]

  ["test-groff" is a script in the repository for "groff"; is not shipped]
(local copy and "troff" slightly changed by me).

  [The fate of "test-nroff" was decided in groff bug #55941.]

   * What was the outcome of this action?

openssl-ciphers.1ssl:770:\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH\-DSS\-DES\-CBC3\-SHA (DHE\-DSS\-DES\-CBC3\-SHA)
[...]

-.-.

Strings longer than 3/4 of a standard line length (80).

Use "\:" to split the string at the end of an output line, for example a
long URL (web address)

156 \& TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
171 (<https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#tls\-parameters\-4>).

-.-.

Add a "\&" (or a comma (Oxford comma)) after "e.g." and "i.e.",
or use English words
(man-pages(7)).
Abbreviation points should be marked as such and protected against being
interpreted as an end of sentence, if they are not, and that independent
of the current place on the line.

300:Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
303:Cipher suites effectively using DH authentication, i.e. the certificates carry
308:Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
425:authentication used, e.g. DES\-CBC3\-SHA. In these cases, RSA authentication

-.-.

Wrong distance (not two spaces) between sentences in the input file.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

Search for two adjacent words is easier, when they belong to the same line,
and the same phrase.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.

Mark a final abbreviation point as such by suffixing it with "\&".

Some sentences (etc.) do not begin on a new line.

Split (sometimes) lines after a punctuation mark; before a conjunction.

  Lines with only one (or two) space(s) between sentences could be split,
so latter sentences begin on a new line.

Use

#!/usr/bin/sh

sed -e '/^\./n' \
-e 's/\([[:alpha:]]\)\.  */\1.\n/g' $1

to split lines after a sentence period.
Check result with the difference between the formatted outputs.
See also the attachment "general.bugs"

[List of affected lines removed.]


-.-.

Split lines longer than 80 characters into two or more lines.
Appropriate break points are the end of a sentence and a subordinate
clause; after punctuation marks.
Add "\:" to split the string for the output, "\<newline>" in the source.  

[List of affected lines removed.]

Longest line is number 417 with 115 characters
\&\fBSSL_IDEA\fR, \fBSSL_AES128\fR, \fBSSL_AES256\fR, \fBSSL_CAMELLIA128\fR, \fBSSL_CAMELLIA256\fR, \fBSSL_SEED\fR.

-.-.

Remove unnecessary double font change (e.g., \fR\fI) in a row or (better)
use a two-fonts macro.

205:The cipher string \fR\f(CB at STRENGTH\fR\fB\fR can be used at any point to sort the current
208:The cipher string \fR\f(CB at SECLEVEL\fR\fB\fR=\fIn\fR can be used at any point to set the security

-.-.

Add a zero (0) in front of a decimal fraction that begins with a period
(.)

7:.if t .sp .5v

-.-.

Put a parenthetical sentence, phrase on a separate line,
if not part of a code.
See man-pages(7), item "semantic newline".

openssl-ciphers.1ssl:228:default (see the enable-weak-ssl-ciphers option to Configure).
openssl-ciphers.1ssl:349:Cipher suites using DES (not triple DES).
openssl-ciphers.1ssl:374:Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
openssl-ciphers.1ssl:400:Enables suite B mode of operation using 128 (permitting 192 bit mode by peer)
openssl-ciphers.1ssl:401:128 bit (not permitting 192 bit by peer) or 192 bit level of security
openssl-ciphers.1ssl:845:Licensed under the Apache License 2.0 (the "License").  You may not use

-.-.

Change a HYPHEN-MINUS (code 0x55, 2D) to a dash
(\-, minus) if it matches "[[:alph:]]-[[:alpha:]]" in the name of an
option).
Facilitates the copy and paste of
a) an option in UTF-8 text
b) web addresses (URL).

Is not needed in ordinary words like "mother-in-law", that are not
copied and pasted to a command line (which needs ASCII code)

101:.IX Item "-provider-path path"
228:default (see the enable-weak-ssl-ciphers option to Configure).
518:.SS "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0"
519:.IX Subsection "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0"
833:(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1.

-.-.

Use a hyphen between a number and the unit (name) "bit",
see "man-pages(7)", item "Terms to avoid".

240:larger than 128 bits, and some cipher suites with 128\-bit keys.
243:"Medium" encryption cipher suites, currently some of those using 128 bit
247:"Low" encryption cipher suites, currently those using 64 or 56 bit
322:cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
335:Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit
339:Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
400:Enables suite B mode of operation using 128 (permitting 192 bit mode by peer)
401:128 bit (not permitting 192 bit by peer) or 192 bit level of security

-.-.

Only one space character after a possible end of sentence
(after a punctuation, that can end a sentence).

[List of affected lines removed.]

-.-

Put a subordinate sentence (after a comma) on a new line.

[List of affected lines removed.]

-.-

Use ".na" (no adjustment) instead of ".ad l" (and ".ad" to begin the
same adjustment again as before).

61:.if n .ad l

-.-.

Add lines to use the CR font for groff instead of CW.

.if t \{\
.  ie \\n(.g .ft CR
.  el .ft CW
.\}


11:.ft CW

-.-.

Section headings (.SH and .SS) do not need quoting their arguments.

164:.SH "CIPHER LIST FORMAT"
219:.SH "CIPHER STRINGS"
418:.SH "CIPHER SUITE NAMES"
427:.SS "SSL v3.0 cipher suites"
449:.SS "TLS v1.0 cipher suites"
467:.SS "AES cipher suites from RFC3268, extending TLS v1.0"
486:.SS "Camellia cipher suites from RFC4132, extending TLS v1.0"
505:.SS "SEED cipher suites from RFC4162, extending TLS v1.0"
518:.SS "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0"
530:.SS "GOST cipher suites, extending TLS v1.2"
543:.SS "Additional Export 1024 and other cipher suites"
550:.SS "Elliptic curve cipher suites"
571:.SS "TLS v1.2 cipher suites"
629:.SS "ARIA cipher suites from RFC6209, extending TLS v1.2"
651:.SS "Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2"
659:.SS "Pre-shared keying (PSK) cipher suites"
734:.SS "ChaCha20\-Poly1305 cipher suites, extending TLS v1.2"
745:.SS "TLS v1.3 cipher suites"
754:.SS "TLS v1.3 integrity-only cipher suites according to RFC 9150"
764:.SS "Older names used by OpenSSL"
822:.SH "SEE ALSO"

-.-.

Put a (long) web address on a new line to reduce the posibility of
splitting the address between two output lines.
Or inhibit hyphenation with "\%" in front of the name.


171:(<https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#tls\-parameters\-4>).
848:<https://www.openssl.org/source/license.html>.

-.-.

Output from "test-groff  -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z ":

an.tmac:<stdin>:99: style: use of deprecated macro: .PD
an.tmac:<stdin>:104: style: use of deprecated macro: .PD

Output from "test-nroff  -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z ":

an.tmac:<stdin>:99: style: use of deprecated macro: .PD
an.tmac:<stdin>:104: style: use of deprecated macro: .PD
troff:<stdin>:171: warning [page 2, line 14]: cannot break line

-.-.

Generally:

Split (sometimes) lines after a punctuation mark; before a conjunction.

-------------- next part --------------
  Any program (person), that produces man pages, should check the output
for defects by using (both groff and nroff)

[gn]roff -mandoc -t -ww -b -z -K utf8 <man page>

  The same goes for man pages that are used as an input.

  For a style guide use

  mandoc -T lint

-.-

  Any "autogenerator" should check its products with the above mentioned
'groff', 'mandoc', and additionally with 'nroff ...'.

  It should also check its input files for too long (> 80) lines.

  This is just a simple quality control measure.

  The "autogenerator" may have to be corrected to get a better man page,
the source file may, and any additional file may.

  Common defects:

  Not removing trailing spaces (in in- and output).
  The reason for these trailing spaces should be found and eliminated.

  "git" has a "tool" to point out whitespace,
see for example "git-apply(1)" and git-config(1)")

  Not beginning each input sentence on a new line.
Line length and patch size should thus be reduced.

  The script "reportbug" uses 'quoted-printable' encoding when a line is
longer than 1024 characters in an 'ascii' file.

  See man-pages(7), item "semantic newline".

-.-

The difference between the formatted output of the original and patched file
can be seen with:

  nroff -mandoc <file1> > <out1>
  nroff -mandoc <file2> > <out2>
  diff -d -u <out1> <out2>

and for groff, using

\"printf '%s\n%s\n' '.kern 0' '.ss 12 0' | groff -mandoc -Z - \"

instead of 'nroff -mandoc'

  Add the option '-t', if the file contains a table.

  Read the output from 'diff -d -u ...' with 'less -R' or similar.

-.-.

  If 'man' (man-db) is used to check the manual for warnings,
the following must be set:

  The option \"-warnings=w\"

  The environmental variable:

export MAN_KEEP_STDERR=yes (or any non-empty value)

  or

  (produce only warnings):

export MANROFFOPT=\"-ww -b -z\"

export MAN_KEEP_STDERR=yes (or any non-empty value)

-.-

More information about the Pkg-openssl-devel mailing list