From 8ee9ed6785e1f9ded44f1bd07401b0b70c524479 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Sep 2021 14:46:43 +0200 Subject: [PATCH] Fix and improve the documentation of supported groups Signed-off-by: Ronald Cron --- docs/architecture/tls13-experimental.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 5421492ae..b15d77ca6 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -135,9 +135,12 @@ MVP definition (2) The MVP sends one shared secret corresponding to the configured preferred group. The preferred group is the group of the first curve in the list of - allowed curves as defined by the configuration. By default, it is the - mandatory group as defined by section 9.1 of the specification, - `secp256r1`. The list of allowed curves can be set through the + allowed curves as defined by the configuration. The allowed curves are + by default ordered as follow: `secp256r1`, `x25519`, `secp384r1` + and finally `secp521r1`. This default order is aligned with the + list of mandatory-to-implement groups (in absence of an application + profile standard specifying otherwise) defined in section 9.1 of the + specification. The list of allowed curves can be changed through the `mbedtls_ssl_conf_curves()` API. (3) The MVP proposes only TLS 1.3 and does not support version negociation. @@ -148,11 +151,8 @@ MVP definition re-initiate a server handshake. - Supported groups: depends on the library configuration. - Minimally (as defined in section 9.1 of the TLS 1.3 specification): - secp256r1 and x25519. - - Furthermore, depending on the library configuration, potentially: - secp384r1 and secp521r1. + Potentially all ECDHE groups but x448: + secp256r1, x25519, secp384r1 and secp521r1. Finite field groups (DHE) are not supported.
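Review bot: In the hunk at @@ -135,9 +135,12, the added sentence "This default order is aligned with the list of mandatory-to-implement groups ... defined in section 9.1" reads as if all four curves were in that list. The lines this patch removes tie section 9.1 to `secp256r1` as the mandatory group and to "secp256r1 and x25519" as the minimal set. Suggest saying that the first entries of the default order follow section 9.1 and that `secp384r1` and `secp521r1` come after them. Since the preferred group is the one the MVP sends its single key share for, it would also help to state explicitly that the default preferred group is still `secp256r1`, which the old text said and the new text only implies. Wording: "ordered as follow" should be "ordered as follows" and "in absence of" should be "in the absence of".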
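Review bot: In the hunk at @@ -148,11 +151,8, replacing the "Minimally ... secp256r1 and x25519" / "Furthermore ... potentially" split with "Potentially all ECDHE groups but x448" drops the information about which groups a reader can count on. Together with the unchanged "depends on the library configuration" line, the entry no longer says whether any group is always available or whether every one of the four listed curves depends on the build. Suggest keeping one sentence that states which groups, if any, are present in every configuration, and that the others are available only when the corresponding curve is enabled. "all ECDHE groups but x448" would also be clearer as "all ECDHE groups except x448".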