From dfa1f5476e86f330f708c1396f577c01d10c545c Mon Sep 17 00:00:00 2001 From: raja-ashok Date: Sat, 11 May 2019 23:28:26 +0530 Subject: [PATCH] Update docs for TLS1.3 FFDHE Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8178) --- doc/man3/SSL_CONF_cmd.pod | 20 ++++++++++++++------ doc/man3/SSL_CTX_set1_curves.pod | 9 +++++++-- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 5c58268f49..227d9de377 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -79,9 +79,13 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where -applicable (e.g. B) or an OpenSSL OID name (e.g B). Group -names are case sensitive. The list should be in order of preference with the -most preferred group first. +applicable (e.g. B, B) or an OpenSSL OID name +(e.g B). Group names are case sensitive. The list should be in +order of preference with the most preferred group first. + +Currently supported groups for B are B, B, B, +B, B, B, B, B, B, +B. =item B<-curves> @@ -356,9 +360,13 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where -applicable (e.g. B) or an OpenSSL OID name (e.g B). Group -names are case sensitive. The list should be in order of preference with the -most preferred group first. +applicable (e.g. B, B) or an OpenSSL OID name +(e.g B). Group names are case sensitive. The list should be in +order of preference with the most preferred group first. + +Currently supported groups for B are B, B, B, +B, B, B, B, B, B, +B. =item B diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index b6f647e99b..bb58a4dbf0 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -39,11 +39,16 @@ SSL_CTX_set1_groups() sets the supported groups for B to B groups in the array B. The array consist of all NIDs of groups in preference order. For a TLS client the groups are used directly in the supported groups extension. For a TLS server the groups are used to -determine the set of shared groups. +determine the set of shared groups. Currently supported groups for +B are B, B, B, +B, B, B, B, +B, B and B. SSL_CTX_set1_groups_list() sets the supported groups for B to string B. The string is a colon separated list of group NIDs or -names, for example "P-521:P-384:P-256". +names, for example "P-521:P-384:P-256:X25519:ffdhe2048". Currently supported +groups for B are B, B, B, B, B, +B, B, B, B, B. SSL_set1_groups() and SSL_set1_groups_list() are similar except they set supported groups for the SSL structure B. -- 2.25.1