.SS diffie-hellman
.PP
\fBdiffie-hellman(\fIMODULUS\fB, \fIGENERATOR\fR[\fB, \fICHECK\fR]\fB)\fR => \fIdh closure\fR
-.TP
-.I MODULUS
+.br
+\fBdiffie-hellman(\fIDICT\fB)\fR => \fIdh closure\fR
+Defines a Diffie\(enHellman group which uses
+traditional Diffie\(enHellman modulo a large prime number.
+Arguments may be provided
+either as positional arguments
+or in a dictionary.
+Dictionary keys are described below;
+those keys which correspond with positional arguments
+are mentioned in the individual descriptions.
+.TP
+.B p
String.
The prime modulus \fIp\fR in hex.
+Corresponds to the
+.I MODULUS
+argument.
.TP
-.I GENERATOR
+.B g
String.
The generator \fIg\fR in hex.
+Corresponds to the
+.I GENERATOR
+argument.
.TP
-.I CHECK
+.B check
Boolean.
If \fBtrue\fR (the default) then check if \fIp\fR is prime.
+Corresponds to the
+.I CHECK
+argument.
+.TP
+.B capab-num
+The capability number to use when advertising
+this Diffie\(enHellman group.
+The default capability number is 10.
+
.PP
A \fIdh closure\fR defines a group to be used for key exchange.
.SS sha1
\fBsha1\fR is a \fIhash closure\fR implementing the SHA-1 algorithm.
+.SS sha512
+\fBsha512\fR is a \fIhash closure\fR implementing the SHA-512 algorithm.
+
.SS site
\fBsite(\fIDICT\fB)\fR => \fIsite closure\fR
.PP
at the other end is irrelevant.)
.TP
.B dh
-A \fIdh closure\fR.
-The group to use in key exchange.
+A list of one or more \fIdh closure\fRs.
+The groups to use in key exchange.
+These should all have distinct
+.B capab-num
+values,
+and the same
+.B capab-num
+value should have the same (or a compatible) meaning at both ends.
+The list should be in order of preference,
+most preferred first.
+(The end which sends MSG1,MSG3 ends up choosing;
+the ordering at the other end is irrelevant.)
.TP
.B hash
The hash function used during setup.