Remove some out of date text inadvertently left behind

[openssl.git] / doc / man3 / SSL_CONF_cmd.pod

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 6045a4f7d6dbbe4a4c17d0b8694b4cb77e4bde9b..18cc88f59b4c0180421d18ebc4144f22dc6aa7b7 100644 (file)
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -62,16 +62,25 @@ If a server does not request a certificate this option has no effect.
 The syntax of B<value> is identical to B<-sigalgs>. If not set then
 the value set for B<-sigalgs> will be used instead.
 
 The syntax of B<value> is identical to B<-sigalgs>. If not set then
 the value set for B<-sigalgs> will be used instead.
 

+=item B<-groups>
+
+This sets the supported groups. For clients, the groups are
+sent using the supported groups extension. For servers, it is used
+to determine which group to use. This setting affects groups used for both
+signatures and key exchange, if applicable. It also affects the preferred
+key_share sent by a client in a TLSv1.3 compatible connection.
+
+The B<value> argument is a colon separated list of groups. The group can be
+either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
+applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
+names are case sensitive. The list should be in order of preference with the
+most preferred group first. The first listed group will be the one used for a
+key_share by a TLSv1.3 client.
+

 =item B<-curves>
 
 =item B<-curves>
 

-This sets the supported elliptic curves. For clients the curves are
-sent using the supported curves extension. For servers it is used
-to determine which curve to use. This setting affects curves used for both
-signatures and key exchange, if applicable.
+This is a synonym for the "-groups" command.

 
 

-The B<value> argument is a colon separated list of curves. The curve can be
-either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
-B<prime256v1>). Curve names are case sensitive.

 
 =item B<-named_curve>
 
 
 =item B<-named_curve>
 


@@ -110,6 +119,12 @@ Attempts to use the file B<value> as the set of temporary DH parameters for
 the appropriate context. This option is only supported if certificate
 operations are permitted.
 
 the appropriate context. This option is only supported if certificate
 operations are permitted.
 

+=item B<-record_padding>
+
+Attempts to pad TLS 1.3 records so that they are a multiple of B<value> in
+length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
+B<value> must be >1 or <=16384.
+

 =item B<-min_protocol>, B<-max_protocol>
 
 Sets the minimum and maximum supported protocol.
 =item B<-min_protocol>, B<-max_protocol>
 
 Sets the minimum and maximum supported protocol.


@@ -217,6 +232,14 @@ These options indicate a file or directory used for building certificate
 chains or verifying certificate chains. These options are only supported
 if certificate operations are permitted.
 
 chains or verifying certificate chains. These options are only supported
 if certificate operations are permitted.
 

+=item B<RequestCAFile>
+
+This option indicates a file containing a set of certificates in PEM form.
+The subject names of the certificates are sent to the peer in the
+B<certificate_authorities> extension for TLS 1.3 (in ClientHello or
+CertificateRequest) or in a certificate request for previous versions or
+TLS.
+

 =item B<ServerInfoFile>
 
 Attempts to use the file B<value> in the "serverinfo" extension using the
 =item B<ServerInfoFile>
 
 Attempts to use the file B<value> in the "serverinfo" extension using the


@@ -228,6 +251,12 @@ Attempts to use the file B<value> as the set of temporary DH parameters for
 the appropriate context. This option is only supported if certificate
 operations are permitted.
 
 the appropriate context. This option is only supported if certificate
 operations are permitted.
 

+=item B<RecordPadding>
+
+Attempts to pad TLS 1.3 records so that they are a multiple of B<value> in
+length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
+B<value> must be >1 or <=16384.
+

 =item B<SignatureAlgorithms>
 
 This sets the supported signature algorithms for TLS v1.2. For clients this
 =item B<SignatureAlgorithms>
 
 This sets the supported signature algorithms for TLS v1.2. For clients this


@@ -253,16 +282,24 @@ used to determine which signature algorithm to with the client certificate.
 The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then
 the value set for B<SignatureAlgorithms> will be used instead.
 
 The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then
 the value set for B<SignatureAlgorithms> will be used instead.
 

-=item B<Curves>
+=item B<Groups>

 
 

-This sets the supported elliptic curves. For clients the curves are
-sent using the supported curves extension. For servers it is used
-to determine which curve to use. This setting affects curves used for both
-signatures and key exchange, if applicable.
+This sets the supported groups. For clients, the groups are
+sent using the supported groups extension. For servers, it is used
+to determine which group to use. This setting affects groups used for both
+signatures and key exchange, if applicable. It also affects the preferred
+key_share sent by a client in a TLSv1.3 compatible connection.
+
+The B<value> argument is a colon separated list of groups. The group can be
+either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
+applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
+names are case sensitive. The list should be in order of preference with the
+most preferred group first. The first listed group will be the one used for a
+key_share by a TLSv1.3 client.
+
+=item B<Curves>

 
 

-The B<value> argument is a colon separated list of curves. The curve can be
-either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
-B<prime256v1>). Curve names are case sensitive.
+This is a synonym for the "Groups" command.

 
 =item B<MinProtocol>
 
 
 =item B<MinProtocol>