test.conf

# List of real chiper keywords (<-> sections should be highlighted)
# <cipher keyword>        <->            <--->        <-> <->                          <-> <>                 <-> <-->      <--------
ssl_cipher_list           DSS:ECDSA:!DSS:aGOST:AES128-DSS:MD5:!AES256+GOST:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE
tls_require_ciphers       RC2:ECDSA:!DSS:aGOST:AES128-DSS:MD5:!AES256+MD5:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE
tls_medium_cipherlist    'RC2:ECDSA:!MD5:aGOST:AES128-DSS:MD5:!AES256+MD5:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE';
ciphers                   DSS:ECDSA:!DSS:aGOST:AES128-DSS:MD5:!AES256+aDSS:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE-MD5
SSLCipherSuite            RC2:ECDSA:!DSS:aGOST:AES128+DSS:MD5:!AES256-MD5:SHA256:!aDSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:DH
ssl_ciphers              'RC2:ECDSA:!DSS:aGOST:AES128+DSS:MD5:!AES256-MD5:SHA256:!aDSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE-MD5'
ssl.cipher-list           DSS:ECDSA:!DSS:aGOST:AES128+DSS:MD5:!AES256-MD5:SHA256:!aDSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE;

# <cipher keyword>        <->            <--->        <-> <->        <-->             <-> <>                 <-> <-->      <--------
TLSCipherSuite            RC2:ECDSA:!RC2:aGOST:AES128-DSS:MD5:AES256-GOST:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:kDHE-MD5
server_ssl_ciphers        RC2:ECDSA:!DSS:aGOST:AES128-DSS:MD5:AES256+GOST:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:ECDH
ssl-default-bind-ciphers "RC2:ECDSA:!MD5:aGOST:AES128-DSS:MD5:AES256-GOST:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:MD5"
ssl_cipher                MD5:ECDSA:!RC2:aGOST:AES128+DSS:MD5:AES256-MD5:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:+MD5
ssl_ciphers              "RC2:ECDSA:!DHE:aGOST:AES128+DSS:MD5:AES256-aDSS:SHA256:!DSS:EXP:DH:EDH:DHE:!SSLv3:+LOW:3DES:aRSA:DH-MD5";

# <cipher keyword>                      <->                     <-> <--->
ssl-cipher                !kGOST:AES128+DSS:-aDSS:!AES256-aGOST:DSS-aGOST:!3DES:aRSA:-SHA
ssl-cipher                !ECDHE-MD5-DH:DSS

# <cipher keyword>              <->        <->
ssl_ciphers               ECDHE-MD5-AES128-DSS:!MD5

# Fake Golang test ciphers                    <->     <->      <>                      <-->
CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_DES_CBC_SHA, tls.DH_RSA_WITH_AES_256_CBC_MD5}

# List of real protocol keywords
# <protocol keyword>    <--->
SSLProtocol             SSLv2 -SSLv3;
ssl_protocols          'SSLv2 TLSv1.1 TLSv1.2';
openssl_options =      +sslv2 TLSv1;
ssl_protocols =        "SSLv2 !SSLv3"
TLSProtocol             SSLv2 !SSLv3 TLSv1.2
server_ssl_protocols = "SSLv2 !SSLv3 TLSv1";

# Nothing should be highlighted here
NONE                    SSLv2 !SSLv3

# Prose text. Nothing should be highlighted here.
Some ciphers are insecure, especially SSLv3
Ciphers are not ALL insecure. Especially 3DES, as well as AES-DES.
DSS: An insecure cipher, that should'nt be highlighted in prose text.
Analogue to MD5: - also do not highlight :MD5 (TODO)