Diffstat (limited to 'upstream/debian-unstable/man3/SSL_CTX_set1_curves.3ssl')
-rw-r--r-- | upstream/debian-unstable/man3/SSL_CTX_set1_curves.3ssl | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/upstream/debian-unstable/man3/SSL_CTX_set1_curves.3ssl b/upstream/debian-unstable/man3/SSL_CTX_set1_curves.3ssl index 7f7b3a3d..9a71c9e7 100644 --- a/upstream/debian-unstable/man3/SSL_CTX_set1_curves.3ssl +++ b/upstream/debian-unstable/man3/SSL_CTX_set1_curves.3ssl @@ -55,16 +55,17 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_CURVES 3SSL" -.TH SSL_CTX_SET1_CURVES 3SSL 2024-02-03 3.1.5 OpenSSL +.TH SSL_CTX_SET1_CURVES 3SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, -SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, -SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, -SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +SSL_set1_groups_list, SSL_get1_groups, SSL_get0_iana_groups, +SSL_get_shared_group, SSL_get_negotiated_group, SSL_CTX_set1_curves, +SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, +SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions .SH SYNOPSIS .IX Header "SYNOPSIS" @@ -78,6 +79,7 @@ SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \& int SSL_set1_groups_list(SSL *ssl, char *list); \& \& int SSL_get1_groups(SSL *ssl, int *groups); +\& int SSL_get0_iana_groups(SSL *ssl, uint16_t **out); \& int SSL_get_shared_group(SSL *s, int n); \& int SSL_get_negotiated_group(SSL *s); \& 
@@ -105,15 +107,17 @@ preference order. For a TLS client the groups are used directly in the supported groups extension. For a TLS server the groups are used to determine the set of shared groups. Currently supported groups for \&\fBTLSv1.3\fR are \fBNID_X9_62_prime256v1\fR, \fBNID_secp384r1\fR, \fBNID_secp521r1\fR, -\&\fBNID_X25519\fR, \fBNID_X448\fR, \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, -\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR and \fBNID_ffdhe8192\fR. +\&\fBNID_X25519\fR, \fBNID_X448\fR, \fBNID_brainpoolP256r1tls13\fR, +\&\fBNID_brainpoolP384r1tls13\fR, \fBNID_brainpoolP512r1tls13\fR, \fBNID_ffdhe2048\fR, +\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR and \fBNID_ffdhe8192\fR. .PP \&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to -string \fBlist\fR. The string is a colon separated list of group NIDs or -names, for example "P\-521:P\-384:P\-256:X25519:ffdhe2048". Currently supported -groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \fBX25519\fR, \fBX448\fR, -\&\fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, \fBffdhe8192\fR. Support -for other groups may be added by external providers. +string \fBlist\fR. The string is a colon separated list of group names, for example +"P\-521:P\-384:P\-256:X25519:ffdhe2048". Currently supported groups for \fBTLSv1.3\fR +are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \fBX25519\fR, \fBX448\fR, \fBbrainpoolP256r1tls13\fR, +\&\fBbrainpoolP384r1tls13\fR, \fBbrainpoolP512r1tls13\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, +\&\fBffdhe4096\fR, \fBffdhe6144\fR and \fBffdhe8192\fR. Support for other groups may be +added by external providers. .PP \&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set supported groups for the SSL structure \fBssl\fR. 
@@ -127,6 +131,13 @@ order. It can return zero if the client did not send a supported groups extension. If a supported group NID is unknown then the value is set to the bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. .PP +\&\fBSSL_get0_iana_groups()\fR retrieves the list of groups sent by the +client in the supported_groups extension. The \fB*out\fR array of bytes +is populated with the host-byte-order representation of the uint16_t group +identifiers, as assigned by IANA. The group list is returned in the same order +that was received in the ClientHello. The return value is the number of groups, +not the number of bytes written. +.PP \&\fBSSL_get_shared_group()\fR returns the NID of the shared group \fBn\fR for a server-side SSL \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, @@ -165,6 +176,8 @@ consider using the SSL_CONF interface instead of manually parsing options. .PP \&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. .PP +\&\fBSSL_get0_iana_groups()\fR returns the number of (uint16_t) groups, which may be zero. +.PP \&\fBSSL_get_shared_group()\fR returns the NID of shared group \fBn\fR or NID_undef if there is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR is \-1. @@ -185,7 +198,7 @@ functions were added in OpenSSL 1.1.1. The \fBSSL_get_negotiated_group()\fR func was added in OpenSSL 3.0.0. .SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |
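Review bot: In the hunk at @@ -105,15 +107,17 @@, the SSL_CTX_set1_groups_list() paragraph changes "colon separated list of group NIDs or names" to "colon separated list of group names" in the same edit that adds the brainpool groups, which narrows the documented input format without saying why. If the string form still accepts NIDs, keep the mention. If it does not, note that explicitly so callers who relied on the old wording are not surprised. The TLSv1.3 group list is also stated twice in this hunk (once as NIDs, once as names), so both copies need to be updated together whenever a group is added.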
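Review bot: The new SSL_get0_iana_groups() paragraph in the hunk at @@ -127,6 +131,13 @@ does not say who owns the memory returned through out. The get0 prefix implies a pointer into storage owned by the SSL object that the caller must not free, but the text says the array "is populated", which reads as if the caller supplies a buffer. State the ownership and lifetime explicitly, and change "array of bytes" to an array of uint16_t so it matches the prototype "int SSL_get0_iana_groups(SSL *ssl, uint16_t **out);". The paragraph describes groups "sent by the client", so it should also say what the function returns on a client-side SSL or when no supported_groups extension was received, as the neighbouring SSL_get1_groups() text does.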
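Review bot: The hunk at @@ -185,7 +198,7 @@ changes only the copyright year, and the HISTORY text visible in its header still ends with SSL_get_negotiated_group() being added in OpenSSL 3.0.0, with no entry for SSL_get0_iana_groups(), which this patch adds to NAME, SYNOPSIS, DESCRIPTION and RETURN VALUES. Add a HISTORY sentence giving the release in which SSL_get0_iana_groups() first appeared, so readers can tell whether it exists in the version they build against.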