SSL_CTX_set1_curves(3)              OpenSSL             SSL_CTX_set1_curves(3)


NNAAMMEE
       SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
       SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve,
       SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions

SSYYNNOOPPSSIISS
        #include <openssl/ssl.h>

        int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
        int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);

        int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
        int SSL_set1_curves_list(SSL *ssl, char *list);

        int SSL_get1_curves(SSL *ssl, int *curves);
        int SSL_get_shared_curve(SSL *s, int n);

        int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff);
        int SSL_set_ecdh_auto(SSL *s, int onoff);

DDEESSCCRRIIPPTTIIOONN
       _S_S_L___C_T_X___s_e_t_1___c_u_r_v_e_s_(_) sets the supported curves for ccttxx to cclliissttlleenn
       curves in the array cclliisstt. The array consist of all NIDs of curves in
       preference order. For a TLS client the curves are used directly in the
       supported curves extension. For a TLS server the curves are used to
       determine the set of shared curves.

       _S_S_L___C_T_X___s_e_t_1___c_u_r_v_e_s___l_i_s_t_(_) sets the supported curves for ccttxx to string
       lliisstt. The string is a colon separated list of curve NIDs or names, for
       example "P-521:P-384:P-256".

       _S_S_L___s_e_t_1___c_u_r_v_e_s_(_) and _S_S_L___s_e_t_1___c_u_r_v_e_s___l_i_s_t_(_) are similar except they
       set supported curves for the SSL structure ssssll.

       _S_S_L___g_e_t_1___c_u_r_v_e_s_(_) returns the set of supported curves sent by a client
       in the supported curves extension. It returns the total number of sup-
       ported curves. The ccuurrvveess parameter can be NNUULLLL to simply return the
       number of curves for memory allocation purposes. The ccuurrvveess array is in
       the form of a set of curve NIDs in preference order. It can return zero
       if the client did not send a supported curves extension.

       _S_S_L___g_e_t___s_h_a_r_e_d___c_u_r_v_e_(_) returns shared curve nn for a server-side SSL
       ssssll. If nn is -1 then the total number of shared curves is returned,
       which may be zero. Other than for diagnostic purposes, most applica-
       tions will only be interested in the first shared curve so nn is nor-
       mally set to zero. If the value nn is out of range, NID_undef is
       returned.

       _S_S_L___C_T_X___s_e_t___e_c_d_h___a_u_t_o_(_) and _S_S_L___s_e_t___e_c_d_h___a_u_t_o_(_) set automatic curve
       selection for server ccttxx or ssssll to oonnooffff. If oonnooffff is 1 then the high-
       est preference curve is automatically used for ECDH temporary keys used
       during key exchange.

       All these functions are implemented as macros.

NNOOTTEESS
       If an application wishes to make use of several of these functions for
       configuration purposes either on a command line or in a file it should
       consider using the SSL_CONF interface instead of manually parsing
       options.

       The functions _S_S_L___C_T_X___s_e_t___e_c_d_h___a_u_t_o_(_) and _S_S_L___s_e_t___e_c_d_h___a_u_t_o_(_) can be
       used to make a server always choose the most appropriate curve for a
       client. If set it will override any temporary ECDH parameters set by a
       server. Previous versions of OpenSSL could effectively only use a sin-
       gle ECDH curve set using a function such as _S_S_L___C_T_X___s_e_t___e_c_d_h___t_m_p_(_).
       Newer applications should just call:

        SSL_CTX_set_ecdh_auto(ctx, 1);

       and they will automatically support ECDH using the most appropriate
       shared curve.

RREETTUURRNN VVAALLUUEESS
       _S_S_L___C_T_X___s_e_t_1___c_u_r_v_e_s_(_), _S_S_L___C_T_X___s_e_t_1___c_u_r_v_e_s___l_i_s_t_(_), _S_S_L___s_e_t_1___c_u_r_v_e_s_(_),
       _S_S_L___s_e_t_1___c_u_r_v_e_s___l_i_s_t_(_), _S_S_L___C_T_X___s_e_t___e_c_d_h___a_u_t_o_(_) and _S_S_L___s_e_t___e_c_d_h___a_u_t_o_(_)
       return 1 for success and 0 for failure.

       _S_S_L___g_e_t_1___c_u_r_v_e_s_(_) returns the number of curves, which may be zero.

       _S_S_L___g_e_t___s_h_a_r_e_d___c_u_r_v_e_(_) returns the NID of shared curve nn or NID_undef
       if there is no shared curve nn; or the total number of shared curves if
       nn is -1.

       When called on a client ssssll, _S_S_L___g_e_t___s_h_a_r_e_d___c_u_r_v_e_(_) has no meaning and
       returns -1.

SSEEEE AALLSSOO
       _S_S_L___C_T_X___a_d_d___e_x_t_r_a___c_h_a_i_n___c_e_r_t(3)

HHIISSTTOORRYY
       These functions were first added to OpenSSL 1.0.2.


1.0.2u                            2019-12-20            SSL_CTX_set1_curves(3)