diff options
| author | Matt Caswell <matt@openssl.org> | 2022-09-30 13:43:55 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2022-10-07 10:01:48 +0100 |
| commit | 8377f26c2e6dadd9a1728805cd895fa94669f2d0 (patch) | |
| tree | 184b0b61a35e9c2457432dd52e843c9fd1145e58 | |
| parent | 3f76339a3fe7be412b754ffe7b0a5438a1297f28 (diff) | |
Update the SSL_CTX_set1_groups documentation
Mention the brainpool curves in the documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
| -rw-r--r-- | doc/man3/SSL_CTX_set1_curves.pod | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 62037eec64..c26ef00306 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -48,15 +48,17 @@ preference order. For a TLS client the groups are used directly in the supported groups extension. For a TLS server the groups are used to determine the set of shared groups. Currently supported groups for B<TLSv1.3> are B<NID_X9_62_prime256v1>, B<NID_secp384r1>, B<NID_secp521r1>, -B<NID_X25519>, B<NID_X448>, B<NID_ffdhe2048>, B<NID_ffdhe3072>, -B<NID_ffdhe4096>, B<NID_ffdhe6144> and B<NID_ffdhe8192>. +B<NID_X25519>, B<NID_X448>, B<NID_brainpoolP256r1tls13>, +B<NID_brainpoolP384r1tls13>, B<NID_brainpoolP512r1tls13>, B<NID_ffdhe2048>, +B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144> and B<NID_ffdhe8192>. SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to -string B<list>. The string is a colon separated list of group NIDs or -names, for example "P-521:P-384:P-256:X25519:ffdhe2048". Currently supported -groups for B<TLSv1.3> are B<P-256>, B<P-384>, B<P-521>, B<X25519>, B<X448>, -B<ffdhe2048>, B<ffdhe3072>, B<ffdhe4096>, B<ffdhe6144>, B<ffdhe8192>. Support -for other groups may be added by external providers. +string B<list>. The string is a colon separated list of group names, for example +"P-521:P-384:P-256:X25519:ffdhe2048". Currently supported groups for B<TLSv1.3> +are B<P-256>, B<P-384>, B<P-521>, B<X25519>, B<X448>, B<brainpoolP256r1tls13>, +B<brainpoolP384r1tls13>, B<brainpoolP512r1tls13>, B<ffdhe2048>, B<ffdhe3072>, +B<ffdhe4096>, B<ffdhe6144> and B<ffdhe8192>. Support for other groups may be +added by external providers. SSL_set1_groups() and SSL_set1_groups_list() are similar except they set supported groups for the SSL structure B<ssl>. |