=pod

=head1 NAME

SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
- EC supported curve functions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
 int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);

 int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
 int SSL_set1_groups_list(SSL *ssl, char *list);

 int SSL_get1_groups(SSL *ssl, int *groups);
 int SSL_get_shared_group(SSL *s, int n);

 int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
 int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);

 int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
 int SSL_set1_curves_list(SSL *ssl, char *list);

 int SSL_get1_curves(SSL *ssl, int *curves);
 int SSL_get_shared_curve(SSL *s, int n);

=head1 DESCRIPTION

For all of the functions below that set the supported groups there must be at
least one group in the list.

SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
groups in the array B<glist>. The array consists of all NIDs of groups in
preference order. For a TLS client the groups are used directly in the
supported groups extension. For a TLS server the groups are used to
determine the set of shared groups.

SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to
string B<list>. The string is a colon separated list of group NIDs or
names, for example "P-521:P-384:P-256".

SSL_set1_groups() and SSL_set1_groups_list() are similar except they set
supported groups for the SSL structure B<ssl>.

SSL_get1_groups() returns the set of supported groups sent by a client
in the supported groups extension. It returns the total number of
supported groups.
The B<groups> parameter can be B<NULL> to simply
return the number of groups for memory allocation purposes. The
B<groups> array is in the form of a set of group NIDs in preference
order. It can return zero if the client did not send a supported groups
extension.

SSL_get_shared_group() returns shared group B<n> for a server-side
SSL B<ssl>. If B<n> is -1 then the total number of shared groups is
returned, which may be zero. Other than for diagnostic purposes,
most applications will only be interested in the first shared group
so B<n> is normally set to zero. If the value B<n> is out of range,
NID_undef is returned.

All these functions are implemented as macros.

The curve functions are synonyms for the equivalently named group functions and
are identical in every respect. They exist because, prior to TLS1.3, there was
only the concept of supported curves. In TLS1.3 this was renamed to supported
groups, and extended to include Diffie Hellman groups. The group functions
should be used in preference.

=head1 NOTES

If an application wishes to make use of several of these functions for
configuration purposes either on a command line or in a file it should
consider using the SSL_CONF interface instead of manually parsing options.

=head1 RETURN VALUES

SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and
SSL_set1_groups_list() return 1 for success and 0 for failure.

SSL_get1_groups() returns the number of groups, which may be zero.

SSL_get_shared_group() returns the NID of shared group B<n> or NID_undef if there
is no shared group B<n>; or the total number of shared groups if B<n>
is -1.

When called on a client B<ssl>, SSL_get_shared_group() has no meaning and
returns -1.

=head1 SEE ALSO

L<SSL_CTX_add_extra_chain_cert(3)>

=head1 HISTORY

The curve functions were added in OpenSSL 1.0.2. The equivalent group
functions were added in OpenSSL 1.1.1.
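
=head1 EXAMPLES

The following is an added example, not part of the OpenSSL documentation or
source: a pre-flight check that a colon separated group list contains at least
one group and only groups permitted by a deployment policy, run before the
string is passed to SSL_CTX_set1_groups_list(). The POLICY_GROUPS allowlist,
the check_group_list() helper and the GL_* codes are assumptions of this
example, and rejecting duplicate entries is a choice made here.

```c
#include <stddef.h>
#include <string.h>

/* Assumed policy for this example: only these group names may be configured. */
static const char *const POLICY_GROUPS[] = { "P-521", "P-384", "P-256" };
#define N_POLICY (sizeof(POLICY_GROUPS) / sizeof(POLICY_GROUPS[0]))

/* Hypothetical result codes; a positive result is the number of groups. */
enum { GL_EMPTY = 0, GL_NOT_ALLOWED = -1, GL_DUPLICATE = -2 };

/* Index in POLICY_GROUPS of the name tok[0..len), or -1 if it is not listed. */
static int policy_index(const char *tok, size_t len)
{
    for (size_t i = 0; i < N_POLICY; i++)
        if (strlen(POLICY_GROUPS[i]) == len
            && memcmp(POLICY_GROUPS[i], tok, len) == 0)
            return (int)i;
    return -1;
}

/* Validate a group list string against the policy (exact name match). */
int check_group_list(const char *list)
{
    unsigned seen = 0;               /* bit i set once POLICY_GROUPS[i] appears */
    int count = 0;

    if (list == NULL || *list == '\0')
        return GL_EMPTY;             /* at least one group is required */
    for (const char *p = list;;) {
        size_t len = strcspn(p, ":");
        int idx = policy_index(p, len);

        if (idx < 0)                 /* unknown name, or empty entry ("a::b", "a:") */
            return GL_NOT_ALLOWED;
        if (seen & (1u << idx))
            return GL_DUPLICATE;
        seen |= 1u << idx;
        count++;
        if (p[len] == '\0')
            return count;
        p += len + 1;                /* step over the ':' separator */
    }
}

int main(void)
{
    /* The example list from the DESCRIPTION section. */
    return check_group_list("P-521:P-384:P-256") == 3 ? 0 : 1;
}
```

A positive result means the string can be handed to SSL_CTX_set1_groups_list(),
whose own return value must still be checked.
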

=head1 COPYRIGHT

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut