manpagez: man pages & more
man SSL_CTX_set1_curves_list(3)
Home | html | info | man
SSL_CTX_SET1_CURVES(3ossl)          OpenSSL         SSL_CTX_SET1_CURVES(3ossl)



NAME

       SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
       SSL_set1_groups_list, SSL_get1_groups, SSL_get0_iana_groups,
       SSL_get_shared_group, SSL_get_negotiated_group, SSL_CTX_set1_curves,
       SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list,
       SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions


SYNOPSIS

        #include <openssl/ssl.h>

        int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
        int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);

        int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
        int SSL_set1_groups_list(SSL *ssl, char *list);

        int SSL_get1_groups(SSL *ssl, int *groups);
        int SSL_get0_iana_groups(SSL *ssl, uint16_t **out);
        int SSL_get_shared_group(SSL *s, int n);
        int SSL_get_negotiated_group(SSL *s);

        int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
        int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);

        int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
        int SSL_set1_curves_list(SSL *ssl, char *list);

        int SSL_get1_curves(SSL *ssl, int *curves);
        int SSL_get_shared_curve(SSL *s, int n);


DESCRIPTION

       For all of the functions below that set the supported groups there must
       be at least one group in the list. A number of these functions identify
       groups via a unique integer NID value. However, support for some groups
       may be added by external providers. In this case there will be no NID
       assigned for the group.  When setting such groups applications should
       use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list()
       and SSL_set1_groups_list).

       SSL_CTX_set1_groups() sets the supported groups for ctx to glistlen
       groups in the array glist. The array consist of all NIDs of supported
       groups.  Currently supported groups for TLSv1.3 are
       NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
       NID_X448, NID_brainpoolP256r1tls13, NID_brainpoolP384r1tls13,
       NID_brainpoolP512r1tls13, NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
       NID_ffdhe6144 and NID_ffdhe8192.  OpenSSL will use this array in
       different ways depending on TLS role and version:

       For a TLS client, the groups are used directly in the supported groups
       extension. The extension's preference order, to be evaluated by the
       server, is determined by the order of the elements in the array.
       For a TLS 1.2 server, the groups determine the selected group. If
       SSL_OP_CIPHER_SERVER_PREFERENCE is set, the order of the elements in
       the array determines the selected group. Otherwise, the order is
       ignored and the client's order determines the selection.
       For a TLS 1.3 server, the groups determine the selected group, but
       selection is more complex. A TLS 1.3 client sends both a group list as
       well as a predicted subset of groups. Choosing a group outside the
       predicted subset incurs an extra roundtrip. However, in some
       situations, the most preferred group may not be predicted. OpenSSL
       considers all supported groups to be comparable in security and
       prioritizes avoiding roundtrips above either client or server
       preference order. If an application uses an external provider to extend
       OpenSSL with, e.g., a post-quantum algorithm, this behavior may allow a
       network attacker to downgrade connections to a weaker algorithm.

       SSL_CTX_set1_groups_list() sets the supported groups for ctx to string
       list. The string is a colon separated list of group names, for example
       "P-521:P-384:P-256:X25519:ffdhe2048". The groups are used as in
       SSL_CTX_set1_groups(), described above. Currently supported groups for
       TLSv1.3 are P-256, P-384, P-521, X25519, X448, brainpoolP256r1tls13,
       brainpoolP384r1tls13, brainpoolP512r1tls13, ffdhe2048, ffdhe3072,
       ffdhe4096, ffdhe6144 and ffdhe8192. Support for other groups may be
       added by external providers, however note the discussion on TLS 1.3
       selection criteria above. If a group name is preceded with the "?"
       character, it will be ignored if an implementation is missing.

       SSL_set1_groups() and SSL_set1_groups_list() are similar except they
       set supported groups for the SSL structure ssl.

       SSL_get1_groups() returns the set of supported groups sent by a client
       in the supported groups extension. It returns the total number of
       supported groups. The groups parameter can be NULL to simply return the
       number of groups for memory allocation purposes. The groups array is in
       the form of a set of group NIDs in preference order. It can return zero
       if the client did not send a supported groups extension. If a supported
       group NID is unknown then the value is set to the bitwise OR of
       TLSEXT_nid_unknown (0x1000000) and the id of the group.

       SSL_get0_iana_groups() retrieves the list of groups sent by the client
       in the supported_groups extension.  The *out array of bytes is
       populated with the host-byte-order representation of the uint16_t group
       identifiers, as assigned by IANA.  The group list is returned in the
       same order that was received in the ClientHello.  The return value is
       the number of groups, not the number of bytes written.

       SSL_get_shared_group() returns the NID of the shared group n for a
       server-side SSL ssl. If n is -1 then the total number of shared groups
       is returned, which may be zero. Other than for diagnostic purposes,
       most applications will only be interested in the first shared group so
       n is normally set to zero. If the value n is out of range, NID_undef is
       returned. If the NID for the shared group is unknown then the value is
       set to the bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of
       the group.

       SSL_get_negotiated_group() returns the NID of the negotiated group used
       for the handshake key exchange process.  For TLSv1.3 connections this
       typically reflects the state of the current connection, though in the
       case of PSK-only resumption, the returned value will be from a previous
       connection.  For earlier TLS versions, when a session has been resumed,
       it always reflects the group used for key exchange during the initial
       handshake (otherwise it is from the current, non-resumption,
       connection).  This can be called by either client or server. If the NID
       for the shared group is unknown then the value is set to the bitwise OR
       of TLSEXT_nid_unknown (0x1000000) and the id of the group.

       All these functions are implemented as macros.

       The curve functions are synonyms for the equivalently named group
       functions and are identical in every respect. They exist because, prior
       to TLS1.3, there was only the concept of supported curves. In TLS1.3
       this was renamed to supported groups, and extended to include Diffie
       Hellman groups. The group functions should be used in preference.


NOTES

       If an application wishes to make use of several of these functions for
       configuration purposes either on a command line or in a file it should
       consider using the SSL_CONF interface instead of manually parsing
       options.


RETURN VALUES

       SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups()
       and SSL_set1_groups_list(), return 1 for success and 0 for failure.

       SSL_get1_groups() returns the number of groups, which may be zero.

       SSL_get0_iana_groups() returns the number of (uint16_t) groups, which
       may be zero.

       SSL_get_shared_group() returns the NID of shared group n or NID_undef
       if there is no shared group n; or the total number of shared groups if
       n is -1.

       When called on a client ssl, SSL_get_shared_group() has no meaning and
       returns -1.

       SSL_get_negotiated_group() returns the NID of the negotiated group used
       for key exchange, or NID_undef if there was no negotiated group.


SEE ALSO

       ssl(7), SSL_CTX_add_extra_chain_cert(3)


HISTORY

       The curve functions were added in OpenSSL 1.0.2. The equivalent group
       functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group()
       function was added in OpenSSL 3.0.0.

       Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and
       SSL_set1_groups_list() was added in OpenSSL 3.3.

       Earlier versions of this document described the list as a preference
       order.  However, OpenSSL's behavior as a TLS 1.3 server is to consider
       all supported groups as comparable in security.


COPYRIGHT

       Copyright 2013-2024 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.3.2                             2024-09-04        SSL_CTX_SET1_CURVES(3ossl)

openssl 3.3.2 - Generated Tue Sep 24 13:56:03 CDT 2024
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.