X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/088f80a16f384041909c6df6c5fbc98c0d76427f..9c6af4eca6bfb7bed6f86b1f32479f933979c080:/secnet.8

diff --git a/secnet.8 b/secnet.8
index f8cd48f..525e854 100644
--- a/secnet.8
+++ b/secnet.8
@@ -331,6 +331,12 @@ If \fBtrue\fR (the default) then check if \fIp\fR is prime.
 Corresponds to the
 .I CHECK
 argument.
+.TP
+.B capab-num
+The capability number to use when advertising
+this Diffie\(enHellman group.
+The default capability number is 10.
+
 .PP
 A \fIdh closure\fR defines a group to be used for key exchange.
 
@@ -609,8 +615,18 @@ first.  (The end which sends MSG1,MSG3 ends up choosing; the ordering
 at the other end is irrelevant.)
 .TP
 .B dh
-A \fIdh closure\fR.
-The group to use in key exchange.
+A list of one or more \fIdh closure\fRs.
+The groups to use in key exchange.
+These should all have distinct
+.B capab-num
+values,
+and the same
+.B capab-num
+value should have the same (or a compatible) meaning at both ends.
+The list should be in order of preference,
+most preferred first.
+(The end which sends MSG1,MSG3 ends up choosing;
+the ordering at the other end is irrelevant.)
 .TP
 .B hash
 The hash function used during setup.