doc: improve ssl_ecdh_curve descriptions

Patch by Marko Kreen
2014-05-27 21:30:20 -04:00 · 2014-05-27 21:30:20 -04:00 · 49cf2cd815
parent b8cc8f9473
commit 49cf2cd815
2 changed files with 20 additions and 9 deletions
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@ -1020,13 +1020,23 @@ include 'filename'
      </term>
      <listitem>
       <para>
-        Specifies the name of the curve to use in ECDH key exchanges.  The
-        default is <literal>prime256p1</>.
+        Specifies the name of the curve to use in ECDH key exchange.
+        It needs to be supported by all clients that connect.
+        It does not need to be same curve as used by server's
+        Elliptic Curve key.  The default is <literal>prime256v1</>.  
       </para>

       <para>
-        The list of available curves can be shown with the command
-        <literal>openssl ecparam -list_curves</literal>.
+        OpenSSL names for most common curves:
+        <literal>prime256v1</> (NIST P-256),
+        <literal>secp384r1</> (NIST P-384),
+        <literal>secp521r1</> (NIST P-521).
+       </para>
+
+       <para>
+        The full list of available curves can be shown with the command
+        <literal>openssl ecparam -list_curves</literal>.  Not all of them
+        are usable in TLS though.
       </para>
      </listitem>
     </varlistentry>
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@ -616,17 +616,18 @@
       </para>

       <para>
-        Such keys are faster and have improved security over previous
-        options. The new configuration
-        parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
-        controls which curve is used.
+        This allows use of Elliptic Curve keys for server authentication.
+        Such keys are faster and have improved security over <acronym>RSA</> keys.
+        The new configuration parameter
+        <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
+        controls which curve is used for <acronym>ECDH</>.
       </para>
      </listitem>

      <listitem>
       <para>
        Improve the default <link
-        linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> ciphers
+        linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> value
        (Marko Kreen)
       </para>
      </listitem>