<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SSL_CTX_set1_curves</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body style="background-color: white">

<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>

<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#notes">NOTES</a></li>
<li><a href="#return_values">RETURN VALUES</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#history">HISTORY</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>

<hr name="index" />
</div>
<!-- INDEX END -->

<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list,
SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
- EC supported curve functions</p>

<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<pre>
#include &lt;openssl/ssl.h&gt;</pre>
<pre>
int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);</pre>
<pre>
int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
int SSL_set1_groups_list(SSL *ssl, char *list);</pre>
<pre>
int SSL_get1_groups(SSL *ssl, int *groups);
int SSL_get_shared_group(SSL *s, int n);
int SSL_get_negotiated_group(SSL *s);</pre>
<pre>
int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);</pre>
<pre>
int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
int SSL_set1_curves_list(SSL *ssl, char *list);</pre>
<pre>
int SSL_get1_curves(SSL *ssl, int *curves);
int SSL_get_shared_curve(SSL *s, int n);</pre>

<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>For all of the functions below that set the supported groups there must be at
least one group in the list.</p>
<p>SSL_CTX_set1_groups() sets the supported groups for <strong>ctx</strong> to the <strong>glistlen</strong>
groups in the array <strong>glist</strong>. The array consists of the NIDs of the groups in
preference order. For a TLS client the groups are used directly in the
supported groups extension. For a TLS server the groups are used to
determine the set of shared groups. Currently supported groups for
<strong>TLSv1.3</strong> are <strong>NID_X9_62_prime256v1</strong>, <strong>NID_secp384r1</strong>, <strong>NID_secp521r1</strong>,
<strong>NID_X25519</strong>, <strong>NID_X448</strong>, <strong>NID_ffdhe2048</strong>, <strong>NID_ffdhe3072</strong>,
<strong>NID_ffdhe4096</strong>, <strong>NID_ffdhe6144</strong> and <strong>NID_ffdhe8192</strong>.</p>
<p>SSL_CTX_set1_groups_list() sets the supported groups for <strong>ctx</strong> to the
string <strong>list</strong>. The string is a colon-separated list of group NIDs or
names, for example "P-521:P-384:P-256:X25519:ffdhe2048". Currently supported
groups for <strong>TLSv1.3</strong> are <strong>P-256</strong>, <strong>P-384</strong>, <strong>P-521</strong>, <strong>X25519</strong>, <strong>X448</strong>,
<strong>ffdhe2048</strong>, <strong>ffdhe3072</strong>, <strong>ffdhe4096</strong>, <strong>ffdhe6144</strong> and <strong>ffdhe8192</strong>.</p>
<p>SSL_set1_groups() and SSL_set1_groups_list() are similar except that they set the
supported groups for the SSL structure <strong>ssl</strong>.</p>
<p>SSL_get1_groups() returns the set of supported groups sent by a client
in the supported groups extension. It returns the total number of
supported groups. The <strong>groups</strong> parameter can be <strong>NULL</strong> to simply
return the number of groups for memory allocation purposes. The
<strong>groups</strong> array is in the form of a set of group NIDs in preference
order. It can return zero if the client did not send a supported groups
extension.</p>
<p><code>SSL_get_shared_group()</code> returns shared group <strong>n</strong> for a server-side
SSL <strong>ssl</strong>. If <strong>n</strong> is -1 then the total number of shared groups is
returned, which may be zero. Other than for diagnostic purposes,
most applications will only be interested in the first shared group,
so <strong>n</strong> is normally set to zero. If the value <strong>n</strong> is out of range,
NID_undef is returned.</p>
<p><code>SSL_get_negotiated_group()</code> returns the group negotiated for key exchange on a
TLSv1.3 connection. It can be called by either client or server.</p>
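<p>The next block is an added illustration, not OpenSSL code: a small model of what <code>SSL_get_shared_group()</code> reports, built from two preference-ordered NID lists. It shows the three behaviours the paragraph above describes (count for <strong>n</strong> = -1, the <strong>n</strong>-th shared group, and NID_undef when <strong>n</strong> is out of range) and makes one point explicit that matters when hardening a server: which side's order decides the first shared group. OpenSSL walks the client's list by default and the server's list only when <code>SSL_OP_CIPHER_SERVER_PREFERENCE</code> is set, so the model takes the deciding list as a parameter and runs both orders. The group identifiers and both lists are constructed sample values; <code>MODEL_NID_UNDEF</code> stands in for NID_undef.</p>

```c
/*
 * Added illustration, not OpenSSL code: a model of what SSL_get_shared_group()
 * reports for a server, built from two preference-ordered NID lists.  The
 * group identifiers are constructed stand-ins for NID_* constants (only their
 * distinctness matters); MODEL_NID_UNDEF plays the role of NID_undef.
 */
#include <stdio.h>

#define MODEL_NID_UNDEF 0

/* constructed stand-ins for NID_X25519, NID_X9_62_prime256v1, ... */
enum { G_X25519 = 1, G_P256 = 2, G_P384 = 3, G_P521 = 4, G_FFDHE2048 = 5 };

/* What the client advertised in its supported_groups extension (the array
 * SSL_get1_groups() would hand back), in the client's preference order. */
const int CLIENT_GROUPS[] = { G_X25519, G_P256, G_P384 };
#define N_CLIENT ((int)(sizeof CLIENT_GROUPS / sizeof CLIENT_GROUPS[0]))

/* What the server was configured with, e.g. via
 * SSL_CTX_set1_groups_list(ctx, "P-384:P-256:X25519:ffdhe2048"). */
const int SERVER_GROUPS[] = { G_P384, G_P256, G_X25519, G_FFDHE2048 };
#define N_SERVER ((int)(sizeof SERVER_GROUPS / sizeof SERVER_GROUPS[0]))

static int contains(const int *list, int n, int nid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == nid)
            return 1;
    return 0;
}

/* Model of SSL_get_shared_group(s, n).  "pref" is the list whose order decides
 * which shared group comes first; "supp" is the other side's list.
 *   n == -1        -> number of shared groups (may be zero)
 *   0 <= n < count -> the n-th shared group, in pref order
 *   otherwise      -> MODEL_NID_UNDEF
 */
int shared_group(const int *pref, int npref, const int *supp, int nsupp, int n)
{
    int count = 0;
    for (int i = 0; i < npref; i++) {
        if (!contains(supp, nsupp, pref[i]))
            continue;
        if (n == count)
            return pref[i];
        count++;
    }
    return n == -1 ? count : MODEL_NID_UNDEF;
}

/* Client's order decides (OpenSSL's default): X25519 wins. */
int first_shared_client_pref(void)
{
    return shared_group(CLIENT_GROUPS, N_CLIENT, SERVER_GROUPS, N_SERVER, 0);
}

/* Server's order decides (SSL_OP_CIPHER_SERVER_PREFERENCE): P-384 wins. */
int first_shared_server_pref(void)
{
    return shared_group(SERVER_GROUPS, N_SERVER, CLIENT_GROUPS, N_CLIENT, 0);
}

/* n == -1: how many groups the two lists have in common. */
int shared_count(void)
{
    return shared_group(CLIENT_GROUPS, N_CLIENT, SERVER_GROUPS, N_SERVER, -1);
}

/* A server restricted to ffdhe2048 shares nothing with this client: the count
 * is zero, which is what an operator sees when an over-tight group list
 * breaks the handshake. */
int no_overlap_count(void)
{
    const int dh_only[] = { G_FFDHE2048 };
    return shared_group(CLIENT_GROUPS, N_CLIENT, dh_only, 1, -1);
}

int main(void)
{
    printf("shared groups: %d\n", shared_count());
    printf("first shared, client order: %d\n", first_shared_client_pref());
    printf("first shared, server order: %d\n", first_shared_server_pref());
    printf("out of range n=3: %d\n",
           shared_group(CLIENT_GROUPS, N_CLIENT, SERVER_GROUPS, N_SERVER, 3));
    printf("disjoint lists: %d\n", no_overlap_count());
    return 0;
}
```

<p>The practical reading: configuring a strong list on the server is not by itself enough to guarantee the strongest common group is used; without server preference, the client's ordering picks the first shared group, so a server that must steer the choice needs both the list and <code>SSL_OP_CIPHER_SERVER_PREFERENCE</code>.</p>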
<p>All these functions are implemented as macros.</p>
<p>The curve functions are synonyms for the equivalently named group functions and
are identical in every respect. They exist because, prior to TLS1.3, there was
only the concept of supported curves. In TLS1.3 this was renamed to supported
groups, and extended to include Diffie-Hellman groups. The group functions
should be used in preference.</p>

<p>
</p>
<hr />
<h1><a name="notes">NOTES</a></h1>
<p>If an application wishes to make use of several of these functions for
configuration purposes, either on a command line or in a file, it should
consider using the SSL_CONF interface instead of manually parsing options.</p>

<p>
</p>
<hr />
<h1><a name="return_values">RETURN VALUES</a></h1>
<p>SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and
SSL_set1_groups_list() return 1 for success and 0 for failure.</p>
<p>SSL_get1_groups() returns the number of groups, which may be zero.</p>
<p><code>SSL_get_shared_group()</code> returns the NID of shared group <strong>n</strong> or NID_undef if there
is no shared group <strong>n</strong>; or the total number of shared groups if <strong>n</strong>
is -1.</p>
<p>When called on a client <strong>ssl</strong>, <code>SSL_get_shared_group()</code> has no meaning and
returns -1.</p>
<p><code>SSL_get_negotiated_group()</code> returns the NID of the group negotiated for key exchange on a
TLSv1.3 connection, or NID_undef if no group has been negotiated.</p>

<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>ssl(7)</em>,
<em>SSL_CTX_add_extra_chain_cert(3)</em></p>

<p>
</p>
<hr />
<h1><a name="history">HISTORY</a></h1>
<p>The curve functions were added in OpenSSL 1.0.2. The equivalent group
functions were added in OpenSSL 1.1.1. The <code>SSL_get_negotiated_group()</code> function
was added in OpenSSL 3.0.0.</p>

<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>

</body>
</html>
|