SSL_CTX_set1_curves(3)              OpenSSL              SSL_CTX_set1_curves(3)

NAME
       SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
       SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve,
       SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions

SYNOPSIS
        #include <openssl/ssl.h>

        int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
        int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);

        int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
        int SSL_set1_curves_list(SSL *ssl, char *list);

        int SSL_get1_curves(SSL *ssl, int *curves);
        int SSL_get_shared_curve(SSL *s, int n);

        int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff);
        int SSL_set_ecdh_auto(SSL *s, int onoff);

DESCRIPTION
       SSL_CTX_set1_curves() sets the supported curves for ctx to clistlen
       curves in the array clist. The array consists of all NIDs of curves in
       preference order. For a TLS client the curves are used directly in the
       supported curves extension. For a TLS server the curves are used to
       determine the set of shared curves.

       SSL_CTX_set1_curves_list() sets the supported curves for ctx to string
       list. The string is a colon separated list of curve NIDs or names, for
       example "P-521:P-384:P-256".

       SSL_set1_curves() and SSL_set1_curves_list() are similar except they
       set supported curves for the SSL structure ssl.

       SSL_get1_curves() returns the set of supported curves sent by a client
       in the supported curves extension. It returns the total number of
       supported curves. The curves parameter can be NULL to simply return the
       number of curves for memory allocation purposes. The curves array is in
       the form of a set of curve NIDs in preference order. It can return zero
       if the client did not send a supported curves extension.

       SSL_get_shared_curve() returns shared curve n for a server-side SSL ssl.
       If n is -1 then the total number of shared curves is returned, which
       may be zero. Other than for diagnostic purposes, most applications will
       only be interested in the first shared curve so n is normally set to
       zero. If the value n is out of range, NID_undef is returned.

       SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve
       selection for server ctx or ssl to onoff. If onoff is 1 then the
       highest preference curve is automatically used for ECDH temporary keys
       used during key exchange.

       All these functions are implemented as macros.

NOTES
       If an application wishes to make use of several of these functions for
       configuration purposes either on a command line or in a file it should
       consider using the SSL_CONF interface instead of manually parsing
       options.

       The functions SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() can be
       used to make a server always choose the most appropriate curve for a
       client. If set it will override any temporary ECDH parameters set by a
       server. Previous versions of OpenSSL could effectively only use a
       single ECDH curve set using a function such as SSL_CTX_set_ecdh_tmp().
       Newer applications should just call:

        SSL_CTX_set_ecdh_auto(ctx, 1);

       and they will automatically support ECDH using the most appropriate
       shared curve.

RETURN VALUES
       SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves(),
       SSL_set1_curves_list(), SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
       return 1 for success and 0 for failure.

       SSL_get1_curves() returns the number of curves, which may be zero.

       SSL_get_shared_curve() returns the NID of shared curve n or NID_undef
       if there is no shared curve n; or the total number of shared curves if
       n is -1.

       When called on a client ssl, SSL_get_shared_curve() has no meaning and
       returns -1.

SEE ALSO
       SSL_CTX_add_extra_chain_cert(3)

HISTORY
       These functions were first added to OpenSSL 1.0.2.

1.0.2u                            2019-12-20            SSL_CTX_set1_curves(3)
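
The return convention of SSL_get_shared_curve() described above, as an added stand-alone C model (not OpenSSL code and not part of the original manual page). `struct curve_model`, `model_shared_curve()` and the sample lists are hypothetical; which side's list supplies the preference order is left as an input because the page does not state it, and values of n below -1 are treated as out of range.

```c
#include <stddef.h>
#include <stdio.h>

/* NID values as defined in OpenSSL's obj_mac.h. */
#define NID_undef              0
#define NID_X9_62_prime256v1 415   /* "P-256" */
#define NID_secp384r1        715   /* "P-384" */
#define NID_secp521r1        716   /* "P-521" */

/* Hypothetical model type, not an OpenSSL structure. */
struct curve_model {
    int is_server;                  /* 0 models a client-side SSL */
    const int *pref; size_t npref;  /* list whose order decides preference */
    const int *supp; size_t nsupp;  /* other side's list to intersect with */
};

/* Constructed sample lists: "P-521:P-384:P-256" versus a client offer. */
static const int server_list[] = { NID_secp521r1, NID_secp384r1, NID_X9_62_prime256v1 };
static const int client_list[] = { NID_X9_62_prime256v1, NID_secp384r1 };

static int in_list(const int *l, size_t n, int nid)
{
    for (size_t i = 0; i < n; i++)
        if (l[i] == nid) return 1;
    return 0;
}

/* Models the documented return values of SSL_get_shared_curve(). */
int model_shared_curve(const struct curve_model *m, int n)
{
    int count = 0;
    if (!m->is_server)
        return -1;                       /* no meaning on a client */
    for (size_t i = 0; i < m->npref; i++) {
        if (!in_list(m->supp, m->nsupp, m->pref[i]))
            continue;                    /* not offered by the other side */
        if (n == count)
            return m->pref[i];           /* NID of shared curve n */
        count++;
    }
    return n == -1 ? count : NID_undef;  /* total, or n out of range */
}

int main(void)
{
    struct curve_model srv = { 1, server_list, 3, client_list, 2 };
    int total = model_shared_curve(&srv, -1);
    for (int n = 0; n < total; n++)      /* diagnostic walk, as with n >= 0 */
        printf("shared curve %d: NID %d\n", n, model_shared_curve(&srv, n));
    return total > 0 ? 0 : 1;            /* zero shared curves: no ECDH curve in common */
}
```

A server that narrows its curve list can end up with a shared count of zero for some clients, so logging the n = -1 result is a cheap way to spot that before rollout.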