SSL_CTX_set_ecdh_auto (3)
Leading comments
Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32) Standard preamble: ========================================================================
NAME
SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functionsSYNOPSIS
#include <openssl/ssl.h> int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); int SSL_set1_curves_list(SSL *ssl, char *list); int SSL_get1_curves(SSL *ssl, int *curves); int SSL_get_shared_curve(SSL *s, int n); int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff); int SSL_set_ecdh_auto(SSL *s, int onoff);
DESCRIPTION
SSL_CTX_set1_curves() sets the supported curves for ctx to clistlen curves in the array clist. The array consist of all NIDs of curves in preference order. For aSSL_CTX_set1_curves_list() sets the supported curves for ctx to string list. The string is a colon separated list of curve NIDs or names, for example ``P-521:P-384:P-256''.
SSL_set1_curves() and SSL_set1_curves_list() are similar except they set supported curves for the
SSL_get1_curves() returns the set of supported curves sent by a client in the supported curves extension. It returns the total number of supported curves. The curves parameter can be
SSL_get_shared_curve() returns shared curve n for a server-side
SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve selection for server ctx or ssl to onoff. If onoff is 1 then the highest preference curve is automatically used for
All these functions are implemented as macros.
NOTES
If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using theThe functions SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() can be used to make a server always choose the most appropriate curve for a client. If set it will override any temporary
SSL_CTX_set_ecdh_auto(ctx, 1);
and they will automatically support
RETURN VALUES
SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves(), SSL_set1_curves_list(), SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() return 1 for success and 0 for failure.SSL_get1_curves() returns the number of curves, which may be zero.
SSL_get_shared_curve() returns the
When called on a client ssl, SSL_get_shared_curve() has no meaning and returns -1.