From 056bd0acf90337c3c599c84e352bf27b940373d2 Mon Sep 17 00:00:00 2001 From: Ben Jencks Date: Sun, 27 Jan 2013 18:42:17 -0500 Subject: [PATCH] ITS#7506 DHParamFile: Update docs Update docs to reflect changes in handling and fix some errors. --- doc/guide/admin/tls.sdf | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf index 00bf83ce26..cd8343da97 100644 --- a/doc/guide/admin/tls.sdf +++ b/doc/guide/admin/tls.sdf @@ -188,18 +188,20 @@ and it doesn't need very much data to work. This directive is ignored with GnuTLS and Mozilla NSS. -H4: TLSEphemeralDHParamFile +H4: TLSDHParamFile This directive specifies the file that contains parameters for Diffie-Hellman ephemeral key exchange. This is required in order -to use a DSA certificate on the server side (i.e. -{{EX:TLSCertificateKeyFile}} points to a DSA key). Multiple sets -of parameters can be included in the file; all of them will be -processed. Parameters can be generated using the following command +to use DHE-based cipher suites, including all DSA-based suites (i.e. +{{EX:TLSCertificateKeyFile}} points to a DSA key), and RSA when the 'key +encipherment' key usage is not specified in the certificate. Parameters can be +generated using the following command > openssl dhparam [-dsaparam] -out +or +> certtool --generate-dh-params --bits --outfile -This directive is ignored with GnuTLS and Mozilla NSS. +This directive is ignored with Mozilla NSS. H4: TLSVerifyClient { never | allow | try | demand }
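Review bot: In the added command lines under `H4: TLSDHParamFile`, `-out`, `--bits` and `--outfile` are shown with no operand after them (`> openssl dhparam [-dsaparam] -out` and `> certtool --generate-dh-params --bits --outfile`), so a reader cannot tell that an output file name and a bit length are expected. Please check that the argument placeholders survive SDF rendering, and escape them if they do not. The same hunk removes the sentence "Multiple sets of parameters can be included in the file; all of them will be processed" without saying what now happens when the file holds more than one parameter set; one sentence stating the current behaviour would close that gap. The optional `[-dsaparam]` flag is also offered with no indication of when an administrator should use it, so a short clause on that would help.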