Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
SSL_CTX_SET1_GROUPS(3) | Library Functions Manual | SSL_CTX_SET1_GROUPS(3) |
NAME
SSL_CTX_set1_groups
,
SSL_CTX_set1_groups_list
,
SSL_set1_groups
,
SSL_set1_groups_list
,
SSL_CTX_set1_curves
,
SSL_CTX_set1_curves_list
,
SSL_set1_curves
,
SSL_set1_curves_list
—
choose supported EC groups
SYNOPSIS
#include
<openssl/ssl.h>
int
SSL_CTX_set1_groups
(SSL_CTX
*ctx, const int *glist,
size_t glistlen);
int
SSL_CTX_set1_groups_list
(SSL_CTX
*ctx, const char *list);
int
SSL_set1_groups
(SSL
*ssl, const int *glist,
size_t glistlen);
int
SSL_set1_groups_list
(SSL
*ssl, const char *list);
int
SSL_CTX_set1_curves
(SSL_CTX
*ctx, const int *clist,
size_t clistlen);
int
SSL_CTX_set1_curves_list
(SSL_CTX
*ctx, const char *list);
int
SSL_set1_curves
(SSL
*ssl, const int *clist,
size_t clistlen);
int
SSL_set1_curves_list
(SSL
*ssl, const char *list);
DESCRIPTION
SSL_CTX_set1_groups
() sets the supported
groups for ctx to the
glistlen groups in the array
glist. The array consists of group NIDs in
preference order. For a TLS client, the groups are used directly in the
supported groups extension. For a TLS server, the groups are used to determine
the set of shared groups.
SSL_CTX_set1_groups_list
() sets the supported
groups for ctx to the
list represented as a colon separated list of
group NIDs or names, for example "P-521:P-384:P-256".
SSL_set1_groups
() and
SSL_set1_groups_list
() are similar except
that they set supported groups for the SSL structure
ssl only.
The curve functions are deprecated synonyms for the equivalently named group
functions and are identical in every respect except that they are implemented
as macros. They exist because prior to TLS1.3, there was only the concept of
supported curves. In TLS1.3, this was renamed to supported groups and extended
to include Diffie Hellman groups.
If an application wishes to make use of several of these functions for
configuration purposes either on a command line or in a file, it should
consider using the SSL_CONF interface instead of manually parsing options.
RETURN VALUES
All these functions return 1 for success or 0 for failure.SEE ALSO
ssl(3), SSL_CTX_add_extra_chain_cert(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_new(3)HISTORY
The curve functions first appeared in OpenSSL 1.0.2 and the group functions in OpenSSL 1.1.1. Both have been available since OpenBSD 6.1.August 19, 2017 | Debian |