mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#7506 DHParamFile: Update docs

Browse Source 
Update docs to reflect changes in handling and fix some errors.
This commit is contained in:
Ben Jencks 2013-01-27 18:42:17 -05:00 committed by Howard Chu
parent cfeb28412c
commit 056bd0acf9
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/guide/admin/tls.sdf
View File

@ -188,18 +188,20 @@ and it doesn't need very much data to work.
This directive is ignored with GnuTLS and Mozilla NSS. This directive is ignored with GnuTLS and Mozilla NSS.
H4: TLSEphemeralDHParamFile <filename> H4: TLSDHParamFile <filename>
This directive specifies the file that contains parameters for This directive specifies the file that contains parameters for
Diffie-Hellman ephemeral key exchange. This is required in order Diffie-Hellman ephemeral key exchange. This is required in order
to use a DSA certificate on the server side (i.e. to use DHE-based cipher suites, including all DSA-based suites (i.e.
{{EX:TLSCertificateKeyFile}} points to a DSA key). Multiple sets {{EX:TLSCertificateKeyFile}} points to a DSA key), and RSA when the 'key
of parameters can be included in the file; all of them will be encipherment' key usage is not specified in the certificate. Parameters can be
processed. Parameters can be generated using the following command generated using the following command
> openssl dhparam [-dsaparam] -out <filename> <numbits> > openssl dhparam [-dsaparam] -out <filename> <numbits>
or
> certtool --generate-dh-params --bits <numbits> --outfile <filename>
This directive is ignored with GnuTLS and Mozilla NSS. This directive is ignored with Mozilla NSS.
H4: TLSVerifyClient { never | allow | try | demand } H4: TLSVerifyClient { never | allow | try | demand }