Upgrade chrome's OpenSSL to same version Android ships with.

openssl/doc/apps/ciphers.pod

 =pod
 
 =head1 NAME
 
 ciphers - SSL cipher display and cipher list tool.
 
 =head1 SYNOPSIS
 
 B<openssl> B<ciphers>
 [B<-v>]
+[B<-V>]
 [B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]
 [B<cipherlist>]
 
 =head1 DESCRIPTION
 
-The B<cipherlist> command converts OpenSSL cipher lists into ordered
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered
 SSL cipher preference lists. It can be used as a test tool to determine
 the appropriate cipherlist.
 
 =head1 COMMAND OPTIONS
 
 =over 4
 
 =item B<-v>
 
-verbose option. List ciphers with a complete description of
+Verbose option. List ciphers with a complete description of
 protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
 authentication, encryption and mac algorithms used along with any key size
 restrictions and whether the algorithm is classed as an "export" cipher.
 Note that without the B<-v> option, ciphers may seem to appear twice
 in a cipher list; this is when similar ciphers are available for
 SSL v2 and for SSL v3/TLS v1.
 
+=item B<-V>
+
+Like B<-V>, but include cipher suite codes in output (hex format).
+
 =item B<-ssl3>
 
 only include SSL v3 ciphers.
 
 =item B<-ssl2>
 
 only include SSL v2 ciphers.
 
 =item B<-tls1>
 
@@ skipping 51 matching lines @@
 the current cipher list in order of encryption algorithm key length.
 
 =head1 CIPHER STRINGS
 
 The following is a list of all permitted cipher strings and their meanings.
 
 =over 4
 
 =item B<DEFAULT>
 
-the default cipher list. This is determined at compile time and is normally
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+the default cipher list. This is determined at compile time and, as of OpenSSL
+1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
 specified.
 
 =item B<COMPLEMENTOFDEFAULT>
 
 the ciphers included in B<ALL>, but not enabled by default. Currently
 this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
 not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
 
 =item B<ALL>
 
-all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
+as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
 
 =item B<COMPLEMENTOFALL>
 
 the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
 
 =item B<HIGH>
 
 "high" encryption cipher suites. This currently means those with key lengths larger
 than 128 bits, and some cipher suites with 128-bit keys.
 
@@ skipping 108 matching lines @@
 cipher suites using SEED.
 
 =item B<MD5>
 
 cipher suites using MD5.
 
 =item B<SHA1>, B<SHA>
 
 cipher suites using SHA1.
 
+=item B<aGOST> 
+
+cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
+(needs an engine supporting GOST algorithms). 
+
+=item B<aGOST01>
+
+cipher suites using GOST R 34.10-2001 authentication.
+
+=item B<aGOST94>
+
+cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
+standard has been expired so use GOST R 34.10-2001)
+
+=item B<kGOST>
+
+cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+
+=item B<GOST94>
+
+cipher suites, using HMAC based on GOST R 34.11-94.
+
+=item B<GOST89MAC>
+
+cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
+
+
 =back
 
 =head1 CIPHER SUITE NAMES
 
 The following lists give the SSL or TLS cipher suites names from the
 relevant specification and their OpenSSL equivalents. It should be noted,
 that several cipher suite names do not include the authentication used,
 e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
 
 =head2 SSL v3.0 cipher suites.
@@ skipping 105 matching lines @@
  TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
 
  TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
  TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.
 
  TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
  TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
 
  TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
 
+=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+
+Note: these ciphers require an engine which including GOST cryptographic
+algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
+
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+
 =head2 Additional Export 1024 and other cipher suites
 
 Note: these ciphers can also be used in SSL v3.
 
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
  TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
  TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
 
@@ skipping 38 matching lines @@
 encryption.
 
  openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
 
 =head1 SEE ALSO
 
 L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
 
 =head1 HISTORY
 
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
-added in version 0.9.7.
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
+for cipherlist strings were added in OpenSSL 0.9.7.
+The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
 
 =cut