From 08de6a3a61682b064b7f234ffc65b01f47fcbad2 Mon Sep 17 00:00:00 2001
From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Mon, 8 Jul 2024 11:50:35 +0200
Subject: [PATCH] Clarify supported curves in the s_client/s_server
 documentation

Mention that supported curves (aka groups) include named EC parameters
as well as X25519 and X448 or FFDHE groups.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24774)

(cherry picked from commit 775188702574dcd6cc53b7a9d3501a639c146121)
---
 doc/man1/openssl-s_client.pod.in | 6 +++++-
 doc/man1/openssl-s_server.pod.in | 5 ++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 4b7b58b72d5..d979577f0b5 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -616,7 +616,11 @@ For example strings, see L<SSL_CTX_set1_sigalgs(3)>
 =item B<-curves> I<curvelist>
 
 Specifies the list of supported curves to be sent by the client. The curve is
-ultimately selected by the server. For a list of all curves, use:
+ultimately selected by the server.
+
+The list of all supported groups includes named EC parameters as well as X25519
+and X448 or FFDHE groups, and may also include groups implemented in 3rd-party
+providers. For a list of named EC parameters, use:
 
     $ openssl ecparam -list_curves
 
diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 319f1e342b4..d99aead6417 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -641,7 +641,10 @@ Signature algorithms to support for client certificate authentication
 =item B<-named_curve> I<val>
 
 Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
-For a list of all possible curves, use:
+
+The list of all supported groups includes named EC parameters as well as X25519
+and X448 or FFDHE groups, and may also include groups implemented in 3rd-party
+providers. For a list of named EC parameters, use:
 
     $ openssl ecparam -list_curves
 
-- 
2.47.2