TeaSpeak/openssl-prebuild
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
fac3c18e6c
openssl-prebuild/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html
WolverinDEV fac3c18e6c Initial upload
2020-03-02 16:50:34 +00:00

157 lines
6.9 KiB
HTML
Executable File
Raw Blame History

<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SSL_CTX_set1_curves</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body style="background-color: white">
<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>
<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#notes">NOTES</a></li>
<li><a href="#return_values">RETURN VALUES</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#history">HISTORY</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>
<hr name="index" />
</div>
<!-- INDEX END -->
<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list,
SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
- EC supported curve functions</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<pre>
#include &lt;openssl/ssl.h&gt;</pre>
<pre>
int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);</pre>
<pre>
int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
int SSL_set1_groups_list(SSL *ssl, char *list);</pre>
<pre>
int SSL_get1_groups(SSL *ssl, int *groups);
int SSL_get_shared_group(SSL *s, int n);
int SSL_get_negotiated_group(SSL *s);</pre>
<pre>
int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);</pre>
<pre>
int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
int SSL_set1_curves_list(SSL *ssl, char *list);</pre>
<pre>
int SSL_get1_curves(SSL *ssl, int *curves);
int SSL_get_shared_curve(SSL *s, int n);</pre>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>For all of the functions below that set the supported groups there must be at
least one group in the list.</p>
<p>SSL_CTX_set1_groups() sets the supported groups for <strong>ctx</strong> to <strong>glistlen</strong>
groups in the array <strong>glist</strong>. The array consist of all NIDs of groups in
preference order. For a TLS client the groups are used directly in the
supported groups extension. For a TLS server the groups are used to
determine the set of shared groups. Currently supported groups for
<strong>TLSv1.3</strong> are <strong>NID_X9_62_prime256v1</strong>, <strong>NID_secp384r1</strong>, <strong>NID_secp521r1</strong>,
<strong>NID_X25519</strong>, <strong>NID_X448</strong>, <strong>NID_ffdhe2048</strong>, <strong>NID_ffdhe3072</strong>,
<strong>NID_ffdhe4096</strong>, <strong>NID_ffdhe6144</strong> and <strong>NID_ffdhe8192</strong>.</p>
<p>SSL_CTX_set1_groups_list() sets the supported groups for <strong>ctx</strong> to
string <strong>list</strong>. The string is a colon separated list of group NIDs or
names, for example &quot;P-521:P-384:P-256:X25519:ffdhe2048&quot;. Currently supported
groups for <strong>TLSv1.3</strong> are <strong>P-256</strong>, <strong>P-384</strong>, <strong>P-521</strong>, <strong>X25519</strong>, <strong>X448</strong>,
<strong>ffdhe2048</strong>, <strong>ffdhe3072</strong>, <strong>ffdhe4096</strong>, <strong>ffdhe6144</strong>, <strong>ffdhe8192</strong>.</p>
<p>SSL_set1_groups() and SSL_set1_groups_list() are similar except they set
supported groups for the SSL structure <strong>ssl</strong>.</p>
<p>SSL_get1_groups() returns the set of supported groups sent by a client
in the supported groups extension. It returns the total number of
supported groups. The <strong>groups</strong> parameter can be <strong>NULL</strong> to simply
return the number of groups for memory allocation purposes. The
<strong>groups</strong> array is in the form of a set of group NIDs in preference
order. It can return zero if the client did not send a supported groups
extension.</p>
<p><code>SSL_get_shared_group()</code> returns shared group <strong>n</strong> for a server-side
SSL <strong>ssl</strong>. If <strong>n</strong> is -1 then the total number of shared groups is
returned, which may be zero. Other than for diagnostic purposes,
most applications will only be interested in the first shared group
so <strong>n</strong> is normally set to zero. If the value <strong>n</strong> is out of range,
NID_undef is returned.</p>
<p><code>SSL_get_negotiated_group()</code> returns the negotiated group on a TLSv1.3 connection
for key exchange. This can be called by either client or server.</p>
<p>All these functions are implemented as macros.</p>
<p>The curve functions are synonyms for the equivalently named group functions and
are identical in every respect. They exist because, prior to TLS1.3, there was
only the concept of supported curves. In TLS1.3 this was renamed to supported
groups, and extended to include Diffie Hellman groups. The group functions
should be used in preference.</p>
<p>
</p>
<hr />
<h1><a name="notes">NOTES</a></h1>
<p>If an application wishes to make use of several of these functions for
configuration purposes either on a command line or in a file it should
consider using the SSL_CONF interface instead of manually parsing options.</p>
<p>
</p>
<hr />
<h1><a name="return_values">RETURN VALUES</a></h1>
<p>SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and
SSL_set1_groups_list(), return 1 for success and 0 for failure.</p>
<p>SSL_get1_groups() returns the number of groups, which may be zero.</p>
<p><code>SSL_get_shared_group()</code> returns the NID of shared group <strong>n</strong> or NID_undef if there
is no shared group <strong>n</strong>; or the total number of shared groups if <strong>n</strong>
is -1.</p>
<p>When called on a client <strong>ssl</strong>, <code>SSL_get_shared_group()</code> has no meaning and
returns -1.</p>
<p><code>SSL_get_negotiated_group()</code> returns the NID of the negotiated group on a
TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated
group.</p>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>ssl(7)</em>,
<em>SSL_CTX_add_extra_chain_cert(3)</em></p>
<p>
</p>
<hr />
<h1><a name="history">HISTORY</a></h1>
<p>The curve functions were added in OpenSSL 1.0.2. The equivalent group
functions were added in OpenSSL 1.1.1. The <code>SSL_get_negotiated_group()</code> function
was added in OpenSSL 3.0.0.</p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink