From: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date: Wed, 16 Jul 2025 09:18:02 +0000 (+0200)
Subject: rebase to master fixing some missing group references
X-Git-Tag: openssl-3.6.0-alpha1~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92bfd358c9bc1453f0d4147f165b296cb99aa1b6;p=thirdparty%2Fopenssl.git

rebase to master fixing some missing group references

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26965)
---

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 22baa9c192f..cb994ba7dee 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -58,7 +58,8 @@ Disables support for session tickets, same as setting B<SSL_OP_NO_TICKET>.
 =item B<-serverpref>
 
 Use server and not client preference order when determining which cipher suite,
-signature algorithm or elliptic curve to use for an incoming connection.
+signature algorithm or elliptic curve (TLS 1.2) or group (TLS 1.3) to use for
+an incoming connection.
 Equivalent to B<SSL_OP_SERVER_PREFERENCE>. Only used by servers.
 
 =item B<-client_renegotiation>
@@ -569,8 +570,8 @@ B<SSL_OP_ECDH_SINGLE>. Only used by servers.
 
 B<ServerPreference>: use server and not client preference order when
 determining which cipher suite, signature algorithm or elliptic curve
-to use for an incoming connection.  Equivalent to
-B<SSL_OP_SERVER_PREFERENCE>. Only used by servers.
+(TLS 1.2) or group (TSL 1.3) to use for an incoming connection.
+Equivalent to B<SSL_OP_SERVER_PREFERENCE>. Only used by servers.
 
 B<PrioritizeChaCha>: prioritizes ChaCha ciphers when the client has a
 ChaCha20 cipher at the top of its preference list. This usually indicates
diff --git a/doc/man7/ossl-guide-tls-server-block.pod b/doc/man7/ossl-guide-tls-server-block.pod
index a261f8990c8..976045d4e1e 100644
--- a/doc/man7/ossl-guide-tls-server-block.pod
+++ b/doc/man7/ossl-guide-tls-server-block.pod
@@ -89,8 +89,8 @@ Next we configure some option flags, see L<SSL_CTX_set_options(3)> for details:
     opts |= SSL_OP_NO_RENEGOTIATION;
 
     /*
-     * Most servers elect to use their own cipher or group preference rather than
-     * that of the client.
+     * Most servers elect to use their own cipher, group or signature preference
+     * rather than that of the client.
      */
     opts |= SSL_OP_SERVER_PREFERENCE;