ITS#7506 DHParamFile: Update docs

Update docs to reflect changes in handling and fix some errors.
2024-12-15 03:01:09 +08:00 · 2013-01-27 18:42:17 -05:00 · 2013-01-27 18:42:17 -05:00 · 056bd0acf9
commit 056bd0acf9
parent cfeb28412c
1 changed files with 8 additions and 6 deletions
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@ -188,18 +188,20 @@ and it doesn't need very much data to work.

 This directive is ignored with GnuTLS and Mozilla NSS.

-H4: TLSEphemeralDHParamFile <filename>
+H4: TLSDHParamFile <filename>

 This directive specifies the file that contains parameters for
 Diffie-Hellman ephemeral key exchange.  This is required in order
-to use a DSA certificate on the server side (i.e.
-{{EX:TLSCertificateKeyFile}} points to a DSA key).  Multiple sets
-of parameters can be included in the file; all of them will be
-processed.  Parameters can be generated using the following command
+to use DHE-based cipher suites, including all DSA-based suites (i.e.
+{{EX:TLSCertificateKeyFile}} points to a DSA key), and RSA when the 'key
+encipherment' key usage is not specified in the certificate.  Parameters can be
+generated using the following command

 >	openssl dhparam [-dsaparam] -out <filename> <numbits>
+or
+>	certtool --generate-dh-params --bits <numbits> --outfile <filename>

-This directive is ignored with GnuTLS and Mozilla NSS.
+This directive is ignored with Mozilla NSS.

 H4: TLSVerifyClient { never | allow | try | demand }