From cbc8e9ce89ce30e3be90d9ad500becd3c26370e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Tue, 23 Jul 2019 15:57:58 +0200 Subject: ssl: Document option supported_groups --- lib/ssl/doc/src/ssl.xml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'lib/ssl/doc/src/ssl.xml') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 3aa6e09c2c..05590666da 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -207,6 +207,10 @@ + + + + @@ -363,7 +367,20 @@

- + + + + +

TLS 1.3 introduces the "supported_groups" extension that is used for negotiating + the Diffie-Hellman parameters in a TLS 1.3 handshake. Both client and server + can specify a list of parameters that they are willing to use. +

+

If it is not specified it will use a default list ([x25519, x448, secp256r1, secp384r1]) that + is filtered based on the installed crypto library version. +

+ + +

Specifies if to reject renegotiation attempt that does @@ -919,6 +936,8 @@ fun(srp, Username :: string(), UserState :: term()) ->

The DER-encoded Diffie-Hellman parameters. If specified, it overrides option dhfile.

+

The dh_der option is not supported by TLS 1.3. Use the + supported_groups option instead.

 @@ -928,6 +947,8 @@ fun(srp, Username :: string(), UserState :: term()) -> parameters to be used by the server if a cipher suite using Diffie Hellman key exchange is negotiated. If not specified, default parameters are used.

+

The dh_file option is not supported by TLS 1.3. Use the + supported_groups option instead.

 -- cgit v1.2.3