Document extensibility of -groups parameter via providers

Also add brainpool curves

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25821)
Michael Baentsch 2024-10-29 09:42:40 +01:00 committed by Tomas Mraz
parent 8f4cd8e305
commit b9881e8eb1

@ -125,8 +125,8 @@ B<SHA256>, B<SHA384> or B<SHA512>. Note: algorithm and hash names are case
sensitive. B<signature_scheme> is one of the signature schemes defined in sensitive. B<signature_scheme> is one of the signature schemes defined in
TLSv1.3, specified using the IETF name, e.g., B<ecdsa_secp256r1_sha256>, TLSv1.3, specified using the IETF name, e.g., B<ecdsa_secp256r1_sha256>,
B<ed25519>, or B<rsa_pss_pss_sha256>. Additional providers may make available B<ed25519>, or B<rsa_pss_pss_sha256>. Additional providers may make available
further algorithms via the TLS_SIGALG capability. further algorithms via the TLS-SIGALG capability.
See L<provider-base(7)/CAPABILITIES>. See L<provider-base(7)>.
If this option is not set then all signature algorithms supported by all If this option is not set then all signature algorithms supported by all
activated providers are permissible. activated providers are permissible.
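
Review bot: The replacement reference "See L<provider-base(7)>." loses the section anchor that the old line "See L<provider-base(7)/CAPABILITIES>." carried, so a reader is sent to the top of the page instead of the capability description. Suggest keeping the "/CAPABILITIES" target alongside the corrected "TLS-SIGALG" spelling. The commit message only mentions -groups and brainpool curves, so it would also help to note there that the signature-algorithm paragraph is touched.
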
@ -161,9 +161,12 @@ where applicable (e.g. B<X25519>, B<ffdhe2048>) or an OpenSSL OID name
(e.g. B<prime256v1>). Group names are case sensitive. The list should be (e.g. B<prime256v1>). Group names are case sensitive. The list should be
in order of preference with the most preferred group first. in order of preference with the most preferred group first.
Currently supported groups for B<TLSv1.3> are B<P-256>, B<P-384>, B<P-521>, Groups for B<TLSv1.3> in the default provider are B<P-256>, B<P-384>,
B<X25519>, B<X448>, B<ffdhe2048>, B<ffdhe3072>, B<ffdhe4096>, B<ffdhe6144>, B<P-521>, B<X25519>, B<X448>, B<ffdhe2048>, B<ffdhe3072>, B<ffdhe4096>,
B<ffdhe8192>. B<ffdhe6144>, B<ffdhe8192>, B<brainpoolP256r1tls13>,
B<brainpoolP384r1tls13> and B<brainpoolP512r1tls13>.
Additional providers may make available further algorithms via the
TLS-GROUP capability. See L<provider-base(7)>.
=item B<-curves> I<groups> =item B<-curves> I<groups>
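
Review bot: The added sentence "Additional providers may make available further algorithms via the TLS-GROUP capability" sits in the -groups description, so "algorithms" should read "groups"; the wording appears to be carried over from the signature-algorithm paragraph. The link "See L<provider-base(7)>." would also be more useful as L<provider-base(7)/CAPABILITIES>, matching the reference previously used for TLS-SIGALG. Since the list is now qualified as "in the default provider", consider also saying in this paragraph whether provider-supplied groups are permitted when the option is not set, as the signature-algorithm paragraph does for its case.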