Commit 49cf2cd

doc: improve ssl_ecdh_curve descriptions
Patch by Marko Kreen
1 parent b8cc8f9 commit 49cf2cd

2 files changed

+20
-9
lines changed

doc/src/sgml/config.sgml

+14-4
@@ -1020,13 +1020,23 @@ include 'filename'
10201020
</term>
10211021
<listitem>
10221022
<para>
1023-
Specifies the name of the curve to use in ECDH key exchanges. The
1024-
default is <literal>prime256p1</>.
1023+
Specifies the name of the curve to use in ECDH key exchange.
1024+
It needs to be supported by all clients that connect.
1025+
It does not need to be same curve as used by server's
1026+
Elliptic Curve key. The default is <literal>prime256v1</>.
10251027
</para>
10261028

10271029
<para>
1028-
The list of available curves can be shown with the command
1029-
<literal>openssl ecparam -list_curves</literal>.
1030+
OpenSSL names for most common curves:
1031+
<literal>prime256v1</> (NIST P-256),
1032+
<literal>secp384r1</> (NIST P-384),
1033+
<literal>secp521r1</> (NIST P-521).
1034+
</para>
1035+
1036+
<para>
1037+
The full list of available curves can be shown with the command
1038+
<literal>openssl ecparam -list_curves</literal>. Not all of them
1039+
are usable in TLS though.
10301040
</para>
10311041
</listitem>
10321042
</varlistentry>
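
Review bot: The closing sentence of the last added paragraph, "Not all of them are usable in TLS though", warns the reader without telling them how to choose: someone who runs `openssl ecparam -list_curves` still cannot tell which names are valid for ssl_ecdh_curve. Suggest tying it back to the paragraph above it, for example by saying the three named curves are the ones to pick from, or by stating what makes a curve unusable. In the first added paragraph, "It does not need to be same curve as used by server's Elliptic Curve key" is missing articles ("the same curve", "the server's"), and "It needs to be supported by all clients that connect" would be more useful if it said what a client sees when it does not support the configured curve.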

doc/src/sgml/release-9.4.sgml

+6-5
@@ -616,17 +616,18 @@
616616
</para>
617617

618618
<para>
619-
Such keys are faster and have improved security over previous
620-
options. The new configuration
621-
parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
622-
controls which curve is used.
619+
This allows use of Elliptic Curve keys for server authentication.
620+
Such keys are faster and have improved security over <acronym>RSA</> keys.
621+
The new configuration parameter
622+
<link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
623+
controls which curve is used for <acronym>ECDH</>.
623624
</para>
624625
</listitem>
625626

626627
<listitem>
627628
<para>
628629
Improve the default <link
629-
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> ciphers
630+
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> value
630631
(Marko Kreen)
631632
</para>
632633
</listitem>
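
Review bot: In the added sentence ending "controls which curve is used for <acronym>ECDH</>", the parameter is still easy to misread as selecting the curve of the server key, because the paragraph now describes Elliptic Curve keys for server authentication and ssl_ecdh_curve back to back. The config.sgml text in this same commit says the curve "does not need to be same curve as used by server's Elliptic Curve key"; suggest writing "for ECDH key exchange" here to match that wording and adding a clause that it is independent of the server key's curve. Separately, "have improved security over <acronym>RSA</> keys" is stated without any qualification; consider saying under what comparison that holds or dropping the claim.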
