Wording in OpenSSL documentation for SSL_CTX_set_options

Hi,

In a recent discussion in the news.software.nntp newsgroup, we discussed 
the use of SSL_OP_CIPHER_SERVER_PREFERENCE, and would like to point out 
a possible improvement in the wording of the documentation of 
SSL_CTX_set_options.

Currently, the OpenSSL documentation reads:

   https://www.openssl.org/docs/manmaster/ssl/SSL_CONF_cmd.html

"-serverpref
Use server and not client preference order when determining which cipher 
suite, signature algorithm or elliptic curve to use for an incoming 
connection. Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by 
servers."


   https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

"When choosing a cipher, use the server's preferences instead of the 
client preferences. When not set, the SSL server will always follow the 
clients preferences. When set, the SSL/TLS server will choose following 
its own preferences."


Maybe the documentation of SSL_CTX_set_options should also mention 
signature algorithms and elliptic curves.

Also, Michael Bäuerle noted that TLSv1.3 seems to change things a bit 
because FFDHE groups can now be negotiated too (codes starting at 256):
<https://tools.ietf.org/html/draft-ietf-tls-tls13-14#section-4.2.3>
and therefore suggests mentioning "(EC)DHE groups" in both of the above man 
pages.


Have a nice day,

-- 
Julien ÉLIE

« Freedom, Sancho, is one of the most precious gifts that the heavens
   gave to men; the treasures that the earth and the sea enclose cannot
   be compared with it: for freedom, as for honor, one can and should
   risk one's life. » (Miguel de Cervantes Saavedra)

