doc: improve ssl_ecdh_curve descriptions

Patch by Marko Kreen

doc: improve ssl_ecdh_curve descriptions
Patch by Marko Kreen
49cf2cd8 · Bruce Momjian · b8cc8f94 · 49cf2cd8 · 49cf2cd8
Commit 49cf2cd8 authored May 27, 2014 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 9 deletions

doc/src/sgml/config.sgml doc/src/sgml/config.sgml +14 -4

doc/src/sgml/release-9.4.sgml doc/src/sgml/release-9.4.sgml +6 -5

No files found.
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1020,13 +1020,23 @@ include 'filename'
      </term>
      <listitem>
       <para>
-        Specifies the name of the curve to use in ECDH key exchanges.  The
-        default is <literal>prime256p1</>.
+        Specifies the name of the curve to use in ECDH key exchange.
+        It needs to be supported by all clients that connect.
+        It does not need to be same curve as used by server's
+        Elliptic Curve key.  The default is <literal>prime256v1</>.  
       </para>

       <para>
-        The list of available curves can be shown with the command
-        <literal>openssl ecparam -list_curves</literal>.
+        OpenSSL names for most common curves:
+        <literal>prime256v1</> (NIST P-256),
+        <literal>secp384r1</> (NIST P-384),
+        <literal>secp521r1</> (NIST P-521).
+       </para>
+
+       <para>
+        The full list of available curves can be shown with the command
+        <literal>openssl ecparam -list_curves</literal>.  Not all of them
+        are usable in TLS though.
       </para>
      </listitem>
     </varlistentry>

--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -616,17 +616,18 @@
       </para>

       <para>
-        Such keys are faster and have improved security over previous
-        options. The new configuration
-        parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
-        controls which curve is used.
+        This allows use of Elliptic Curve keys for server authentication.
+        Such keys are faster and have improved security over <acronym>RSA</> keys.
+        The new configuration parameter
+        <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
+        controls which curve is used for <acronym>ECDH</>.
       </para>
      </listitem>

      <listitem>
       <para>
        Improve the default <link
-        linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> ciphers
+        linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> value
        (Marko Kreen)
       </para>
      </listitem>