diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp
index ca3a21f99..7072c4668 100644
--- a/code/DDSCodeTester.cpp
+++ b/code/DDSCodeTester.cpp
@@ -588,6 +588,15 @@ void dds_domain_examples()
pqos.properties().properties().emplace_back(
"dds.sec.auth.builtin.PKI-DH.password",
"domainParticipantPassword");
+<<<<<<< HEAD
+=======
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.preferred_key_agreement",
+ "ECDH");
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy",
+ "true");
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
//!--
}
{
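Review bot: Unresolved merge-conflict markers are committed as added lines in this hunk: `<<<<<<< HEAD`, `=======` and `>>>>>>> cc95496 (...)` surround the two new `emplace_back` calls, so DDSCodeTester.cpp cannot compile as patched. The same three markers are added in the first XMLTester.xml hunk and in the security.rst and auth_plugin.rst hunks, where they would likely make the XML malformed and corrupt the rendered property tables. The HEAD side is empty in every case, so the resolution is to delete the three marker lines in each place and keep the new entries. A CI step that rejects lines starting with `<<<<<<<` or `>>>>>>>` would catch this on future backports. The body of dds_domain_examples continues outside the hunk.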
@@ -623,6 +632,9 @@ void dds_domain_examples()
pqos.properties().properties().emplace_back(
"dds.sec.access.builtin.Access-Permissions.permissions",
"file://certs/permissions.smime");
+ pqos.properties().properties().emplace_back(
+ "dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy",
+ "true");
//!--
}
{
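Review bot: The access-control example sets `transmit_algorithms_as_legacy` to `"true"` without saying why, while the documentation added in this same commit describes that mode as a non-standard legacy format that defaults to `false`. Readers who copy the snippet opt into the non-standard encoding, so I would add a comment above the call such as `// Optional: only for peers that expect legacy algorithm identifiers; default is "false"`. The interoperability reason in that comment is my inference, so please confirm it. The same applies to the PKI-DH `transmit_algorithms_as_legacy` entry in the previous hunk and to both XMLTester.xml hunks. The enclosing function body continues outside the hunk.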
diff --git a/code/XMLTester.xml b/code/XMLTester.xml
index 7d3707295..029e99b7e 100644
--- a/code/XMLTester.xml
+++ b/code/XMLTester.xml
@@ -2641,6 +2641,17 @@
dds.sec.auth.builtin.PKI-DH.password
domainParticipantPassword
+<<<<<<< HEAD
+=======
+
+ dds.sec.auth.builtin.PKI-DH.preferred_key_agreement
+ ECDH
+
+
+ dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy
+ true
+
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
@@ -2693,6 +2704,10 @@
dds.sec.access.builtin.Access-Permissions.permissions
file://permissions.smime
+
+ dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy
+ true
+
diff --git a/docs/fastdds/property_policies/security.rst b/docs/fastdds/property_policies/security.rst
index 7c593a978..eb041e20b 100644
--- a/docs/fastdds/property_policies/security.rst
+++ b/docs/fastdds/property_policies/security.rst
@@ -42,6 +42,19 @@ The following table outlines the properties used for the :ref:`DDS\:Auth\:PKI-DH
If the *password* property is not present, then the value supplied in the |br|
*private_key* property must contain the decrypted private key. |br|
The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+<<<<<<< HEAD
+=======
+ * - ``preferred_key_agreement`` *(optional)*
+ - The preferred algorithm to use for generating the session's shared secret |br|
+ at the end of the authentication phase. Supported values are: |br|
+ a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br|
+ b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br|
+ c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br|
+ Will default to ``AUTO`` if the property is not present.
+ * - ``transmit_algorithms_as_legacy`` *(optional)*
+ - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+ Will default to ``false`` if the property is not present.
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
.. note::
All properties listed above have the ``dds.sec.auth.builtin.PKI-DH."`` prefix.
diff --git a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
index 2b37e4c80..1617e8e78 100644
--- a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
+++ b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
@@ -55,6 +55,9 @@ The following table outlines the properties used for the DDS\:Access\:Permission
* - permissions
- URI to the Participant permissions document signed by the |br| Permissions CA in S/MIME format. |br|
Supported URI schemes: file.
+ * - transmit_algorithms_as_legacy *(optional)*
+ - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+ Will default to ``false`` if the property is not present.
.. note::
All listed properties have "dds.sec.access.builtin.Access-Permissions." prefix.
diff --git a/docs/fastdds/security/auth_plugin/auth_plugin.rst b/docs/fastdds/security/auth_plugin/auth_plugin.rst
index 3bbb6045d..20af114bd 100644
--- a/docs/fastdds/security/auth_plugin/auth_plugin.rst
+++ b/docs/fastdds/security/auth_plugin/auth_plugin.rst
@@ -56,6 +56,19 @@ The following table outlines the properties used for the DDS:\Auth\:PKI-DH plugi
If the *password* property is not present, then the value supplied in the |br|
*private_key* property must contain the decrypted private key. |br|
The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+<<<<<<< HEAD
+=======
+ * - preferred_key_agreement *(optional)*
+ - The preferred algorithm to use for generating the session's shared secret |br|
+ at the end of the authentication phase. Supported values are: |br|
+ a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br|
+ b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br|
+ c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br|
+ Will default to ``AUTO`` if the property is not present.
+ * - transmit_algorithms_as_legacy *(optional)*
+ - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+ Will default to ``false`` if the property is not present.
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
.. note::
All listed properties have "dds.sec.auth.builtin.PKI-DH." prefix.