Add a tls_config_set_ecdhecurves() function to libtls, which allows the

names of the elliptic curves that may be used during client and server key exchange to be specified. This deprecates tls_config_set_ecdhecurve(), which could only be used to specify a single supported curve. ok beck@
author: jsing <> 2017-08-10 18:18:30 +0000
committer: jsing <> 2017-08-10 18:18:30 +0000
commit: ae58363a3ade3f9016687060c0c4efe3702141f8 (patch)
tree: aa634cd28684f262545acd66044eaf7fc4201389 /src/lib/libtls/man
parent: f6039d62295a1c6b1188b531731d233d196faf0d (diff)
download: openbsd-ae58363a3ade3f9016687060c0c4efe3702141f8.tar.gz
openbsd-ae58363a3ade3f9016687060c0c4efe3702141f8.tar.bz2
openbsd-ae58363a3ade3f9016687060c0c4efe3702141f8.zip
1 files changed, 13 insertions, 6 deletions
diff --git a/src/lib/libtls/man/tls_config_set_protocols.3 b/src/lib/libtls/man/tls_config_set_protocols.3
index b2f31eabd5..e16abe44d5 100644
--- a/src/lib/libtls/man/tls_config_set_protocols.3
+++ b/src/lib/libtls/man/tls_config_set_protocols.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_config_set_protocols.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $
+.\" $OpenBSD: tls_config_set_protocols.3,v 1.4 2017/08/10 18:18:30 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org>
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 28 2017 $
+.Dd $Mdocdate: August 10 2017 $
 .Dt TLS_CONFIG_SET_PROTOCOLS 3
 .Os
 .Sh NAME
@@ -25,7 +25,7 @@
 .Nm tls_config_set_alpn ,
 .Nm tls_config_set_ciphers ,
 .Nm tls_config_set_dheparams ,
-.Nm tls_config_set_ecdhecurve ,
+.Nm tls_config_set_ecdhecurves ,
 .Nm tls_config_prefer_ciphers_client ,
 .Nm tls_config_prefer_ciphers_server
 .Nd TLS protocol and cipher selection
@@ -57,9 +57,9 @@
 .Fa "const char *params"
 .Fc
 .Ft int
-.Fo tls_config_set_ecdhecurve
+.Fo tls_config_set_ecdhecurves
 .Fa "struct tls_config *config"
-.Fa "const char *name"
+.Fa "const char *curves"
 .Fc
 .Ft void
 .Fn tls_config_prefer_ciphers_client "struct tls_config *config"
@@ -126,7 +126,14 @@ See the CIPHERS section of
 .Xr openssl 1
 for further information.
 .\" XXX tls_config_set_dheparams does what?
-.\" XXX tls_config_set_ecdhecurve does what?
+.Pp
+.Fn tls_config_set_ecdhecurves
+specifies the names of the elliptic curves that may be used during key exchange.
+This is a comma separated list, given in order of preference.
+The special value of "default" will use the default curves (currently X25519,
+P-256 and P-384). This function replaces
+.Fn tls_config_set_ecdhecurve ,
+which is deprecated.
 .Pp
 .Fn tls_config_prefer_ciphers_client
 prefers ciphers in the client's cipher list when selecting a cipher suite
author	jsing <>	2017-08-10 18:18:30 +0000
committer	jsing <>	2017-08-10 18:18:30 +0000
commit	ae58363a3ade3f9016687060c0c4efe3702141f8 (patch)
tree	aa634cd28684f262545acd66044eaf7fc4201389 /src/lib/libtls/man
parent	f6039d62295a1c6b1188b531731d233d196faf0d (diff)
download	openbsd-ae58363a3ade3f9016687060c0c4efe3702141f8.tar.gz openbsd-ae58363a3ade3f9016687060c0c4efe3702141f8.tar.bz2 openbsd-ae58363a3ade3f9016687060c0c4efe3702141f8.zip