From 55d894bbfbb992482d4fbeac3b03f3bb5b2b258b Mon Sep 17 00:00:00 2001 From: Markus Minichmayr Date: Tue, 21 Nov 2023 23:50:54 +0100 Subject: [PATCH] Document `SSL_OP_PREFER_NO_DHE_KEX` option. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22794) --- doc/man1/openssl-s_client.pod.in | 1 + doc/man1/openssl-s_server.pod.in | 1 + doc/man3/SSL_CONF_cmd.pod | 11 +++++++++++ doc/man3/SSL_CTX_set_options.pod | 6 ++++++ doc/perlvars.pm | 4 +++- 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 84cf6fdd81..f8db2658be 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -93,6 +93,7 @@ B B [B<-legacy_server_connect>] [B<-no_legacy_server_connect>] [B<-allow_no_dhe_kex>] +[B<-prefer_no_dhe_kex>] [B<-sigalgs> I] [B<-curves> I] [B<-cipher> I] diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 611b410cfd..9726a5c871 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -102,6 +102,7 @@ B B [B<-no_renegotiation>] [B<-no_resumption_on_reneg>] [B<-allow_no_dhe_kex>] +[B<-prefer_no_dhe_kex>] [B<-prioritize_chacha>] [B<-strict>] [B<-sigalgs> I] diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 7ffd731410..a0e4d52892 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -95,6 +95,12 @@ Only used by servers. Requires B<-serverpref>. In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. +=item B<-prefer_no_dhe_kex> + +In TLSv1.3, on resumption let the server prefer a non-(ec)dhe based key +exchange mode over an (ec)dhe based one. Requires B<-allow_no_dhe_kex>. +Equivalent to B. Only used by servers. + =item B<-strict> Enables strict mode protocol handling. Equivalent to setting @@ -523,6 +529,11 @@ B: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. Equivalent to B. +B: In TLSv1.3, on resumption let the server prefer a +non-(ec)dhe based key exchange mode over an (ec)dhe based one. Requires +B. Equivalent to B. Only used by +servers. + B: If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. This diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 56695e4abd..272b2a93e4 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -110,6 +110,12 @@ this option to enable it. In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. +=item SSL_OP_PREFER_NO_DHE_KEX + +In TLSv1.3, on resumption let the server prefer a non-(ec)dhe based key +exchange mode over an (ec)dhe based one. Ignored without B +being set as well. Always ignored on the client. + =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Allow legacy insecure renegotiation between OpenSSL and unpatched clients or diff --git a/doc/perlvars.pm b/doc/perlvars.pm index f4c20aa392..06dac990cf 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -187,6 +187,7 @@ $OpenSSL::safe::opt_s_synopsis = "" . "[B<-no_legacy_server_connect>]\n" . "[B<-no_etm>]\n" . "[B<-allow_no_dhe_kex>]\n" +. "[B<-prefer_no_dhe_kex>]\n" . "[B<-prioritize_chacha>]\n" . "[B<-strict>]\n" . "[B<-sigalgs> I]\n" @@ -207,7 +208,8 @@ $OpenSSL::safe::opt_s_item = "" . "B<-legacy_renegotiation>, B<-no_renegotiation>,\n" . "B<-no_resumption_on_reneg>,\n" . "B<-legacy_server_connect>, B<-no_legacy_server_connect>, B<-no_etm>\n" -. "B<-allow_no_dhe_kex>, B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n" +. "B<-allow_no_dhe_kex>, B<-prefer_no_dhe_kex>,\n" +. "B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n" . "I, B<-client_sigalgs> I, B<-groups> I, B<-curves>\n" . "I, B<-named_curve> I, B<-cipher> I, B<-ciphersuites>\n" . "I<1.3ciphers>, B<-min_protocol> I, B<-max_protocol> I,\n"