Update the documentation for "Groups" and "Curves"

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3375)
Matt Caswell 2017-05-03 16:39:57 +01:00
parent 863fe19b5f
commit 47f7cf051b
1 changed files with 36 additions and 8 deletions

@ -73,6 +73,26 @@ The B<value> argument is a colon separated list of curves. The curve can be
either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
B<prime256v1>). Curve names are case sensitive.
=item B<-groups>
This sets the supported groups. For clients, the groups are
sent using the supported groups extension. For servers, it is used
to determine which group to use. This setting affects groups used for both
signatures and key exchange, if applicable. It also affects the preferred
key_share sent by a client in a TLSv1.3 compatible connection.
The B<value> argument is a colon separated list of groups. The group can be
either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
names are case sensitive. The list should be in order of preference with the
most preferred group first. The first listed group will be the one used for a
key_share by a TLSv1.3 client.
=item B<-curves>
This is a synonym for the "-groups" command.
=item B<-named_curve>
This sets the temporary curve used for ephemeral ECDH modes. Only used by
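Review bot: the new =item B<-curves> synonym entry may leave the option documented twice. The unchanged context at the top of this hunk ("The B<value> argument is a colon separated list of curves. ...") reads like the tail of an existing curves item, and the hunk header (6 lines before, 26 after) shows that nothing was removed here. If that context is the old B<-curves> description, remove it so that only the synonym entry remains. Two smaller points in the added text: "-groups" is a command line option rather than a command and would be better written as B<-groups> than in quotes, and "(e.g B<prime256v1>)" is missing the full stop that "(e.g. B<P-256>)" has in the same sentence.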
@ -273,16 +293,24 @@ used to determine which signature algorithm to with the client certificate.
The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then
the value set for B<SignatureAlgorithms> will be used instead.
=item B<Groups>
This sets the supported groups. For clients, the groups are
sent using the supported groups extension. For servers, it is used
to determine which group to use. This setting affects groups used for both
signatures and key exchange, if applicable. It also affects the preferred
key_share sent by a client in a TLSv1.3 compatible connection.
The B<value> argument is a colon separated list of groups. The group can be
either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
names are case sensitive. The list should be in order of preference with the
most preferred group first. The first listed group will be the one used for a
key_share by a TLSv1.3 client.
=item B<Curves>
This sets the supported elliptic curves. For clients the curves are
sent using the supported curves extension. For servers it is used
to determine which curve to use. This setting affects curves used for both
signatures and key exchange, if applicable.
The B<value> argument is a colon separated list of curves. The curve can be
either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
B<prime256v1>). Curve names are case sensitive.
This is a synonym for the "Groups" command.
=item B<MinProtocol>
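Review bot: the B<Groups> text says the list "should be in order of preference" and that for servers it is used "to determine which group to use", but it does not say how a server weighs its own order against the groups the client offers. One sentence stating whose preference takes precedence would close that gap. The two paragraphs are also a verbatim copy of the B<-groups> text in the first hunk, including the "(e.g B<prime256v1>)" typo, so consider describing the syntax once and referring to it from the other entry so the two cannot drift apart.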