libssl/man/SSL_CTX_set1_groups.3

*9b1b080bSschwarze.\"	$OpenBSD: SSL_CTX_set1_groups.3,v 1.1 2017/08/12 14:09:34 schwarze Exp $
*9b1b080bSschwarze.\"	OpenSSL SSL_CTX_set1_curves.pod de4d764e Nov 9 14:51:06 2016 +0000
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
*9b1b080bSschwarze.\" Copyright (c) 2013, 2014, 2016 The OpenSSL Project.  All rights reserved.
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" Redistribution and use in source and binary forms, with or without
*9b1b080bSschwarze.\" modification, are permitted provided that the following conditions
*9b1b080bSschwarze.\" are met:
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" 1. Redistributions of source code must retain the above copyright
*9b1b080bSschwarze.\"    notice, this list of conditions and the following disclaimer.
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright
*9b1b080bSschwarze.\"    notice, this list of conditions and the following disclaimer in
*9b1b080bSschwarze.\"    the documentation and/or other materials provided with the
*9b1b080bSschwarze.\"    distribution.
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" 3. All advertising materials mentioning features or use of this
*9b1b080bSschwarze.\"    software must display the following acknowledgment:
*9b1b080bSschwarze.\"    "This product includes software developed by the OpenSSL Project
*9b1b080bSschwarze.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
*9b1b080bSschwarze.\"    endorse or promote products derived from this software without
*9b1b080bSschwarze.\"    prior written permission. For written permission, please contact
*9b1b080bSschwarze.\"    openssl-core@openssl.org.
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" 5. Products derived from this software may not be called "OpenSSL"
*9b1b080bSschwarze.\"    nor may "OpenSSL" appear in their names without prior written
*9b1b080bSschwarze.\"    permission of the OpenSSL Project.
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" 6. Redistributions of any form whatsoever must retain the following
*9b1b080bSschwarze.\"    acknowledgment:
*9b1b080bSschwarze.\"    "This product includes software developed by the OpenSSL Project
*9b1b080bSschwarze.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
*9b1b080bSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*9b1b080bSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
*9b1b080bSschwarze.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
*9b1b080bSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
*9b1b080bSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
*9b1b080bSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
*9b1b080bSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*9b1b080bSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
*9b1b080bSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
*9b1b080bSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
*9b1b080bSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE.
*9b1b080bSschwarze.\"
*9b1b080bSschwarze.Dd $Mdocdate: August 12 2017 $
*9b1b080bSschwarze.Dt SSL_CTX_SET1_GROUPS 3
*9b1b080bSschwarze.Os
*9b1b080bSschwarze.Sh NAME
*9b1b080bSschwarze.Nm SSL_CTX_set1_groups ,
*9b1b080bSschwarze.Nm SSL_CTX_set1_groups_list ,
*9b1b080bSschwarze.Nm SSL_set1_groups ,
*9b1b080bSschwarze.Nm SSL_set1_groups_list ,
*9b1b080bSschwarze.Nm SSL_CTX_set1_curves ,
*9b1b080bSschwarze.Nm SSL_CTX_set1_curves_list ,
*9b1b080bSschwarze.Nm SSL_set1_curves ,
*9b1b080bSschwarze.Nm SSL_set1_curves_list
*9b1b080bSschwarze.Nd choose supported EC groups
*9b1b080bSschwarze.Sh SYNOPSIS
*9b1b080bSschwarze.In openssl/ssl.h
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_CTX_set1_groups
*9b1b080bSschwarze.Fa "SSL_CTX *ctx"
*9b1b080bSschwarze.Fa "const int *glist"
*9b1b080bSschwarze.Fa "size_t glistlen"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_CTX_set1_groups_list
*9b1b080bSschwarze.Fa "SSL_CTX *ctx"
*9b1b080bSschwarze.Fa "const char *list"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_set1_groups
*9b1b080bSschwarze.Fa "SSL *ssl"
*9b1b080bSschwarze.Fa "const int *glist"
*9b1b080bSschwarze.Fa "size_t glistlen"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_set1_groups_list
*9b1b080bSschwarze.Fa "SSL *ssl"
*9b1b080bSschwarze.Fa "const char *list"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_CTX_set1_curves
*9b1b080bSschwarze.Fa "SSL_CTX *ctx"
*9b1b080bSschwarze.Fa "const int *clist"
*9b1b080bSschwarze.Fa "size_t clistlen"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_CTX_set1_curves_list
*9b1b080bSschwarze.Fa "SSL_CTX *ctx"
*9b1b080bSschwarze.Fa "const char *list"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_set1_curves
*9b1b080bSschwarze.Fa "SSL *ssl"
*9b1b080bSschwarze.Fa "const int *clist"
*9b1b080bSschwarze.Fa "size_t clistlen"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Ft int
*9b1b080bSschwarze.Fo SSL_set1_curves_list
*9b1b080bSschwarze.Fa "SSL *ssl"
*9b1b080bSschwarze.Fa "const char *list"
*9b1b080bSschwarze.Fc
*9b1b080bSschwarze.Sh DESCRIPTION
*9b1b080bSschwarze.Fn SSL_CTX_set1_groups
*9b1b080bSschwarzesets the supported groups for
*9b1b080bSschwarze.Fa ctx
*9b1b080bSschwarzeto the
*9b1b080bSschwarze.Fa glistlen
*9b1b080bSschwarzegroups in the array
*9b1b080bSschwarze.Fa glist .
*9b1b080bSschwarzeThe array consist of group NIDs in preference order.
*9b1b080bSschwarzeFor a TLS client, the groups are used directly in the supported groups
*9b1b080bSschwarzeextension.
*9b1b080bSschwarzeFor a TLS server, the groups are used to determine the set of shared
*9b1b080bSschwarzegroups.
*9b1b080bSschwarze.Pp
*9b1b080bSschwarze.Fn SSL_CTX_set1_groups_list
*9b1b080bSschwarzesets the supported groups for
*9b1b080bSschwarze.Fa ctx
*9b1b080bSschwarzeto the
*9b1b080bSschwarze.Fa list
*9b1b080bSschwarzerepresented as a colon separated list of group NIDs or names, for example
*9b1b080bSschwarze"P-521:P-384:P-256".
*9b1b080bSschwarze.Pp
*9b1b080bSschwarze.Fn SSL_set1_groups
*9b1b080bSschwarzeand
*9b1b080bSschwarze.Fn SSL_set1_groups_list
*9b1b080bSschwarzeare similar except that they set supported groups for the SSL structure
*9b1b080bSschwarze.Fa ssl
*9b1b080bSschwarzeonly.
*9b1b080bSschwarze.Pp
*9b1b080bSschwarzeThe curve functions are deprecated synonyms for the equivalently
*9b1b080bSschwarzenamed group functions and are identical in every respect except
*9b1b080bSschwarzethat they are implemented as macros.
*9b1b080bSschwarzeThey exist because prior to TLS1.3, there was only the concept of
*9b1b080bSschwarzesupported curves.
*9b1b080bSschwarzeIn TLS1.3, this was renamed to supported groups and extended to include
*9b1b080bSschwarzeDiffie Hellman groups.
*9b1b080bSschwarze.Pp
*9b1b080bSschwarzeIf an application wishes to make use of several of these functions for
*9b1b080bSschwarzeconfiguration purposes either on a command line or in a file, it should
*9b1b080bSschwarzeconsider using the SSL_CONF interface instead of manually parsing
*9b1b080bSschwarzeoptions.
*9b1b080bSschwarze.Sh RETURN VALUES
*9b1b080bSschwarzeAll these functions return 1 for success or 0 for failure.
*9b1b080bSschwarze.Sh SEE ALSO
*9b1b080bSschwarze.Xr ssl 3 ,
*9b1b080bSschwarze.Xr SSL_CTX_add_extra_chain_cert 3 ,
*9b1b080bSschwarze.Xr SSL_CTX_set_cipher_list 3 ,
*9b1b080bSschwarze.Xr SSL_CTX_set_options 3 ,
*9b1b080bSschwarze.Xr SSL_new 3
*9b1b080bSschwarze.Sh HISTORY
*9b1b080bSschwarzeThe curve functions first appeared in OpenSSL 1.0.2
*9b1b080bSschwarzeand the group functions in OpenSSL 1.1.1.