From 8ab293189552d72b08283999a617fe1bfd425eab Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 19 Apr 2020 17:05:55 +0000 Subject: Add -groups option to openssl(1) s_server. This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@ --- src/usr.bin/openssl/s_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/usr.bin/openssl/s_client.c') diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 443f00505e..02db7feac8 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.42 2020/02/16 16:39:01 jsing Exp $ */ +/* $OpenBSD: s_client.c,v 1.43 2020/04/19 17:05:55 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -245,7 +245,7 @@ sc_usage(void) BIO_printf(bio_err, " -status - request certificate status from server\n"); BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); - BIO_printf(bio_err, " -groups arg - specify EC curve groups (colon-separated list)\n"); + BIO_printf(bio_err, " -groups arg - specify EC groups (colon-separated list)\n"); #ifndef OPENSSL_NO_SRTP BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); #endif -- cgit v1.2.3-55-g6feb