Fix and improve the documentation of supported groups

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-09-28 14:46:43 +02:00
parent f164b6a7ff
commit 8ee9ed6785

View file

@ -135,9 +135,12 @@ MVP definition
(2) The MVP sends one shared secret corresponding to the configured preferred (2) The MVP sends one shared secret corresponding to the configured preferred
group. The preferred group is the group of the first curve in the list of group. The preferred group is the group of the first curve in the list of
allowed curves as defined by the configuration. By default, it is the allowed curves as defined by the configuration. The allowed curves are
mandatory group as defined by section 9.1 of the specification, by default ordered as follow: `secp256r1`, `x25519`, `secp384r1`
`secp256r1`. The list of allowed curves can be set through the and finally `secp521r1`. This default order is aligned with the
list of mandatory-to-implement groups (in absence of an application
profile standard specifying otherwise) defined in section 9.1 of the
specification. The list of allowed curves can be changed through the
`mbedtls_ssl_conf_curves()` API. `mbedtls_ssl_conf_curves()` API.
(3) The MVP proposes only TLS 1.3 and does not support version negociation. (3) The MVP proposes only TLS 1.3 and does not support version negociation.
@ -148,11 +151,8 @@ MVP definition
re-initiate a server handshake. re-initiate a server handshake.
- Supported groups: depends on the library configuration. - Supported groups: depends on the library configuration.
Minimally (as defined in section 9.1 of the TLS 1.3 specification): Potentially all ECDHE groups but x448:
secp256r1 and x25519. secp256r1, x25519, secp384r1 and secp521r1.
Furthermore, depending on the library configuration, potentially:
secp384r1 and secp521r1.
Finite field groups (DHE) are not supported. Finite field groups (DHE) are not supported.