diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index d9e5985a16..4a666d0d2d 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1020,13 +1020,23 @@ include 'filename'
- Specifies the name of the curve to use in ECDH key exchanges. The
- default is prime256p1>.
+ Specifies the name of the curve to use in ECDH key exchange.
+ It needs to be supported by all clients that connect.
+ It does not need to be same curve as used by server's
+ Elliptic Curve key. The default is prime256v1>.
- The list of available curves can be shown with the command
- openssl ecparam -list_curves.
+ OpenSSL names for most common curves:
+ prime256v1> (NIST P-256),
+ secp384r1> (NIST P-384),
+ secp521r1> (NIST P-521).
+
+
+
+ The full list of available curves can be shown with the command
+ openssl ecparam -list_curves. Not all of them
+ are usable in TLS though.
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index 24862fef38..ae059f8818 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -616,17 +616,18 @@
- Such keys are faster and have improved security over previous
- options. The new configuration
- parameter ssl_ecdh_curve>
- controls which curve is used.
+ This allows use of Elliptic Curve keys for server authentication.
+ Such keys are faster and have improved security over RSA> keys.
+ The new configuration parameter
+ ssl_ecdh_curve>
+ controls which curve is used for ECDH>.
Improve the default ssl_ciphers> ciphers
+ linkend="guc-ssl-ciphers">ssl_ciphers> value
(Marko Kreen)