Fix and improve the documentation of supported groups

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-09-28 14:46:43 +02:00
parent f164b6a7ff
commit 8ee9ed6785

View file

@ -135,9 +135,12 @@ MVP definition
(2) The MVP sends one shared secret corresponding to the configured preferred
group. The preferred group is the group of the first curve in the list of
allowed curves as defined by the configuration. By default, it is the
mandatory group as defined by section 9.1 of the specification,
`secp256r1`. The list of allowed curves can be set through the
allowed curves as defined by the configuration. The allowed curves are
by default ordered as follow: `secp256r1`, `x25519`, `secp384r1`
and finally `secp521r1`. This default order is aligned with the
list of mandatory-to-implement groups (in absence of an application
profile standard specifying otherwise) defined in section 9.1 of the
specification. The list of allowed curves can be changed through the
`mbedtls_ssl_conf_curves()` API.
(3) The MVP proposes only TLS 1.3 and does not support version negociation.
@ -148,11 +151,8 @@ MVP definition
re-initiate a server handshake.
- Supported groups: depends on the library configuration.
Minimally (as defined in section 9.1 of the TLS 1.3 specification):
secp256r1 and x25519.
Furthermore, depending on the library configuration, potentially:
secp384r1 and secp521r1.
Potentially all ECDHE groups but x448:
secp256r1, x25519, secp384r1 and secp521r1.
Finite field groups (DHE) are not supported.