Add -groups option to openssl(1) s_server.

This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.

ok beck@ inoguchi@

1 files changed, 2 insertions, 2 deletions

diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 443f00505e..02db7feac8 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.42 2020/02/16 16:39:01 jsing Exp $ */
+/* $OpenBSD: s_client.c,v 1.43 2020/04/19 17:05:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -245,7 +245,7 @@ sc_usage(void)
         BIO_printf(bio_err, " -status           - request certificate status from server\n");
         BIO_printf(bio_err, " -no_ticket        - disable use of RFC4507bis session tickets\n");
         BIO_printf(bio_err, " -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
-        BIO_printf(bio_err, " -groups arg       - specify EC curve groups (colon-separated list)\n");
+        BIO_printf(bio_err, " -groups arg       - specify EC groups (colon-separated list)\n");
 #ifndef OPENSSL_NO_SRTP
         BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif