Fix and improve the documentation of supported groups
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md
index 5421492..b15d77c 100644
--- a/docs/architecture/tls13-experimental.md
+++ b/docs/architecture/tls13-experimental.md
@@ -135,9 +135,12 @@
(2) The MVP sends one shared secret corresponding to the configured preferred
group. The preferred group is the group of the first curve in the list of
- allowed curves as defined by the configuration. By default, it is the
- mandatory group as defined by section 9.1 of the specification,
- `secp256r1`. The list of allowed curves can be set through the
+ allowed curves as defined by the configuration. The allowed curves are
+ by default ordered as follow: `secp256r1`, `x25519`, `secp384r1`
+ and finally `secp521r1`. This default order is aligned with the
+ list of mandatory-to-implement groups (in absence of an application
+ profile standard specifying otherwise) defined in section 9.1 of the
+ specification. The list of allowed curves can be changed through the
`mbedtls_ssl_conf_curves()` API.
(3) The MVP proposes only TLS 1.3 and does not support version negociation.
@@ -148,11 +151,8 @@
re-initiate a server handshake.
- Supported groups: depends on the library configuration.
- Minimally (as defined in section 9.1 of the TLS 1.3 specification):
- secp256r1 and x25519.
-
- Furthermore, depending on the library configuration, potentially:
- secp384r1 and secp521r1.
+ Potentially all ECDHE groups but x448:
+ secp256r1, x25519, secp384r1 and secp521r1.
Finite field groups (DHE) are not supported.