path: root/security/nss/doc/rst/legacy/nss_config_options/index.rst
Diffstat (limited to 'security/nss/doc/rst/legacy/nss_config_options/index.rst')
-rw-r--r-- security/nss/doc/rst/legacy/nss_config_options/index.rst 217
1 files changed, 217 insertions, 0 deletions
diff --git a/security/nss/doc/rst/legacy/nss_config_options/index.rst b/security/nss/doc/rst/legacy/nss_config_options/index.rst
new file mode 100644
index 0000000000..7f62e36f90
--- /dev/null
+++ b/security/nss/doc/rst/legacy/nss_config_options/index.rst
@@ -0,0 +1,217 @@
+.. _mozilla_projects_nss_nss_config_options:
+
+NSS Config Options
+==================
+
+.. _nss_config_options_format:
+
+` NSS Config Options Format <#nss_config_options_format>`__
+-----------------------------------------------------------
+
+.. container::
+
+ The specified ciphers will be allowed by policy, but an application may allow more by policy
+ explicitly:
+
+ .. code::
+
+ config="allow=curve1:curve2:hash1:hash2:rsa-1024..."
+
+ Only the specified hashes and curves will be allowed:
+
+ .. code::
+
+ config="disallow=all allow=sha1:sha256:secp256r1:secp384r1"
+
+ Only the specified hashes and curves will be allowed, and RSA keys of 2048 or more will be
+ accepted, and DH key exchange with 1024-bit primes or more:
+
+ .. code::
+
+ config="disallow=all allow=sha1:sha256:secp256r1:secp384r1:min-rsa=2048:min-dh=1024"
+
+ A policy that enables the AES ciphersuites and the SECP256/384 curves:
+
+ .. code::
+
+ config="allow=aes128-cbc:aes128-gcm::HMAC-SHA1:SHA1:SHA256:SHA384:RSA:ECDHE-RSA:SECP256R1:SECP384R1"
+
+ Turn off md5
+
+ .. code::
+
+ config="disallow=MD5"
+
+ Turn off md5 and sha1 only for SSL
+
+ .. code::
+
+ config="disallow=MD5(SSL):SHA1(SSL)"
+
+ Disallow values are parsed first, and then allow values, independent of the order in which they
+ appear.
+
+ .. code::
+
+ Future key words (not yet implemented):
+ enable: turn on ciphersuites by default.
+ disable: turn off ciphersuites by default without disallowing them by policy.
+ flags: turn on the following flags:
+ ssl-lock: turn off the ability for applications to change policy with
+ the SSL_SetCipherPolicy (or SSL_SetPolicy).
+ policy-lock: turn off the ability for applications to change policy with
+ the call NSS_SetAlgorithmPolicy.
+ ssl-default-lock: turn off the ability for applications to change cipher
+ suite states with SSL_EnableCipher, SSL_DisableCipher.
+
+ .. rubric:: ECC Curves
+ :name: ecc_curves
+
+ |
+ | PRIME192V1
+ | PRIME192V2
+ | PRIME192V3
+ | PRIME239V1
+ | PRIME239V2
+ | PRIME239V3
+ | PRIME256V1
+ | SECP112R1
+ | SECP112R2
+ | SECP128R1
+ | SECP128R2
+ | SECP160K1
+ | SECP160R1
+ | SECP160R2
+ | SECP192K1
+ | SECP192R1
+ | SECP224K1
+ | SECP256K1
+ | SECP256R1
+ | SECP384R1
+ | SECP521R1
+ | C2PNB163V1
+ | C2PNB163V2
+ | C2PNB163V3
+ | C2PNB176V1
+ | C2TNB191V1
+ | C2TNB191V2
+ | C2TNB191V3
+ | C2ONB191V4
+ | C2ONB191V5
+ | C2PNB208W1
+ | C2TNB239V1
+ | C2TNB239V2
+ | C2TNB239V3
+ | C2ONB239V4
+ | C2ONB239V5
+ | C2PNB272W1
+ | C2PNB304W1
+ | C2TNB359V1
+ | C2PNB368W1
+ | C2TNB431R1
+ | SECT113R1
+ | SECT131R1
+ | SECT131R1
+ | SECT131R2
+ | SECT163K1
+ | SECT163R1
+ | SECT163R2
+ | SECT193R1
+ | SECT193R2
+ | SECT233K1
+ | SECT233R1
+ | SECT239K1
+ | SECT283K1
+ | SECT283R1
+ | SECT409K1
+ | SECT409R1
+ | SECT571K1
+ | SECT571R1
+
+ .. rubric:: Hashes
+ :name: hashes
+
+ |
+ | MD2
+ | MD4
+ | MD5
+ | SHA1
+ | SHA224
+ | SHA256
+ | SHA384
+ | SHA512
+
+ .. rubric:: MACS
+ :name: macs
+
+ | HMAC-SHA1
+ | HMAC-SHA224
+ | HMAC-SHA256
+ | HMAC-SHA384
+ | HMAC-SHA512
+ | HMAC-MD5
+
+ .. rubric:: Ciphers
+ :name: ciphers
+
+ | AES128-CBC
+ | AES192-CBC
+ | AES256-CBC
+ | AES128-GCM
+ | AES192-GCM
+ | AES256-GCM
+ | CAMELLIA128-CBC
+ | CAMELLIA192-CBC
+ | CAMELLIA256-CBC
+ | SEED-CBC
+ | DES-EDE3-CBC
+ | DES-40-CBC
+ | DES-CBC
+ | NULL-CIPHER
+ | RC2
+ | RC4
+ | IDEA
+
+ .. rubric:: SSL Key exchanges
+ :name: ssl_key_exchanges
+
+ | RSA
+ | RSA-EXPORT
+ | DHE-RSA
+ | DHE-DSS
+ | DH-RSA
+ | DH-DSS
+ | ECDHE-ECDSA
+ | ECDHE-RSA
+ | ECDH-ECDSA
+ | ECDH-RSA
+
+ .. rubric:: Restrictions for asymmetric keys (integers)
+ :name: restrictions_for_asymmetric_keys_(integers)
+
+ | RSA-MIN
+ | DH-MIN
+ | DSA-MIN
+
+ .. rubric:: Constraints on SSL Protocols Versions (integers)
+ :name: constraints_on_ssl_protocols_versions_(integers)
+
+ | TLS-VERSION-MIN
+ | TLS-VERSION-MAX
+
+ .. rubric:: Constraints on DTLS Protocols Versions (integers)
+ :name: constraints_on_dtls_protocols_versions_(integers)
+
+ | DTLS-VERSION-MIN
+ | DTLS-VERSION-MAX
+
+ .. rubric:: Policy flags for algorithms
+ :name: policy_flags_for_algorithms
+
+ | SSL
+ | SSL-KEY-EXCHANGE
+ | KEY-EXCHANGE
+ | CERT-SIGNATURE
+ | SIGNATURE
+ | ALL
+ | NONE \ No newline at end of file
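Review bot: The key-size example uses the spelling min-rsa=2048:min-dh=1024, while the "Restrictions for asymmetric keys (integers)" list in the same file names the keywords RSA-MIN, DH-MIN and DSA-MIN. Please reconcile the two so that a reader who copies the example gets the minimum key sizes the sentence above it promises. While touching the file: the AES example contains an empty element (aes128-gcm::HMAC-SHA1), SECT131R1 is listed twice in the ECC curve list, the section title starts with a space inside the opening backtick (` NSS Config Options Format ...), which is likely to stop it rendering as a link, the first example's sentence says "ciphers" although its placeholder lists curves, hashes and an RSA size, and the file has no trailing newline. It would also help to state which of the "Policy flags for algorithms" apply when an entry such as MD5 is given without a parenthesised flag, since the only flagged example shown is MD5(SSL):SHA1(SSL).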