Commit49cf2cd

committed

doc: improve ssl_ecdh_curve descriptions

Patch by Marko Kreen

1 parentb8cc8f9 commit49cf2cdCopy full SHA for 49cf2cd

File tree

+20

-9

lines changed

+20

-9

lines changed

Lines changed: 14 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1020,13 +1020,23 @@ include 'filename'`
`1020`	`1020`	`</term>`
`1021`	`1021`	`<listitem>`
`1022`	`1022`	`<para>`
`1023`		`- Specifies the name of the curve to use in ECDH key exchanges. The`
`1024`		`- default is <literal>prime256p1</>.`
	`1023`	`+ Specifies the name of the curve to use in ECDH key exchange.`
	`1024`	`+ It needs to be supported by all clients that connect.`
	`1025`	`+ It does not need to be same curve as used by server's`
	`1026`	`+ Elliptic Curve key. The default is <literal>prime256v1</>.`
`1025`	`1027`	`</para>`
`1026`	`1028`
`1027`	`1029`	`<para>`
`1028`		`- The list of available curves can be shown with the command`
`1029`		`- <literal>openssl ecparam -list_curves</literal>.`
	`1030`	`+ OpenSSL names for most common curves:`
	`1031`	`+ <literal>prime256v1</> (NIST P-256),`
	`1032`	`+ <literal>secp384r1</> (NIST P-384),`
	`1033`	`+ <literal>secp521r1</> (NIST P-521).`
	`1034`	`+ </para>`
	`1035`	`+`
	`1036`	`+ <para>`
	`1037`	`+ The full list of available curves can be shown with the command`
	`1038`	`+ <literal>openssl ecparam -list_curves</literal>. Not all of them`
	`1039`	`+ are usable in TLS though.`
`1030`	`1040`	`</para>`
`1031`	`1041`	`</listitem>`
`1032`	`1042`	`</varlistentry>`

Lines changed: 6 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -616,17 +616,18 @@`
`616`	`616`	`</para>`
`617`	`617`
`618`	`618`	`<para>`
`619`		`- Such keys are faster and have improved security over previous`
`620`		`- options. The new configuration`
`621`		`- parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>`
`622`		`- controls which curve is used.`
	`619`	`+ This allows use of Elliptic Curve keys for server authentication.`
	`620`	`+ Such keys are faster and have improved security over <acronym>RSA</> keys.`
	`621`	`+ The new configuration parameter`
	`622`	`+ <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>`
	`623`	`+ controls which curve is used for <acronym>ECDH</>.`
`623`	`624`	`</para>`
`624`	`625`	`</listitem>`
`625`	`626`
`626`	`627`	`<listitem>`
`627`	`628`	`<para>`
`628`	`629`	`Improve the default <link`
`629`		`- linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link>ciphers`
	`630`	`+ linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link>value`
`630`	`631`	`(Marko Kreen)`
`631`	`632`	`</para>`
`632`	`633`	`</listitem>`

Comments

(0)