mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
ITS#7506 more doc updates
parent
056bd0acf9
commit
63926362a9
@ -920,12 +920,15 @@ browser. Press 'Enter' for the new password.
|
||||
.B olcTLSDHParamFile: <filename>
|
||||
This directive specifies the file that contains parameters for Diffie-Hellman
|
||||
ephemeral key exchange. This is required in order to use a DSA certificate on
|
||||
the server. If multiple sets of parameters are present in the file, all of
|
||||
them will be processed. Note that setting this option may also enable
|
||||
the server, or an RSA certificate missing the "key encipherment" key usage.
|
||||
Note that setting this option may also enable
|
||||
Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
|
||||
You should append "!ADH" to your cipher suites if you have changed them
|
||||
from the default, otherwise no certificate exchanges or verification will
|
||||
be done. When using GnuTLS or Mozilla NSS these parameters are always generated randomly
|
||||
Anonymous key exchanges should generally be avoided since they provide no
|
||||
actual client or server authentication and provide no protection against
|
||||
man-in-the-middle attacks.
|
||||
You should append "!ADH" to your cipher suites to ensure that these suites
|
||||
are not used.
|
||||
When using Mozilla NSS these parameters are always generated randomly
|
||||
so this directive is ignored.
|
||||
.TP
|
||||
.B olcTLSProtocolMin: <major>[.<minor>]
|
||||
|
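Review bot: The reworded "You should append "!ADH" to your cipher suites" sentence in the olcTLSDHParamFile text does not name the directive that holds the cipher suites, and "!ADH" is OpenSSL cipher-string syntax, while the rewritten closing sentence lists only Mozilla NSS as ignoring this file, which implies GnuTLS builds now read it. Suggest naming olcTLSCipherSuite explicitly and either saying how anonymous suites are excluded under GnuTLS or stating that the advice applies to OpenSSL builds. The sentence "If multiple sets of parameters are present in the file, all of them will be processed" also appears to be dropped without a replacement; if that behaviour changed, the text should say what happens to additional parameter sets.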
@ -1151,13 +1151,16 @@ browser. Press 'Enter' for the new password.
|
||||
.B TLSDHParamFile <filename>
|
||||
This directive specifies the file that contains parameters for Diffie-Hellman
|
||||
ephemeral key exchange. This is required in order to use a DSA certificate on
|
||||
the server. If multiple sets of parameters are present in the file, all of
|
||||
them will be processed. Note that setting this option may also enable
|
||||
the server, or an RSA certificate missing the "key encipherment" key usage.
|
||||
Note that setting this option may also enable
|
||||
Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
|
||||
You should append "!ADH" to your cipher suites if you have changed them
|
||||
from the default, otherwise no certificate exchanges or verification will
|
||||
be done. When using GnuTLS these parameters are always generated randomly so
|
||||
this directive is ignored. This directive is ignored when using Mozilla NSS.
|
||||
Anonymous key exchanges should generally be avoided since they provide no
|
||||
actual client or server authentication and provide no protection against
|
||||
man-in-the-middle attacks.
|
||||
You should append "!ADH" to your cipher suites to ensure that these suites
|
||||
are not used.
|
||||
When using Mozilla NSS these parameters are always generated randomly
|
||||
so this directive is ignored.
|
||||
.TP
|
||||
.B TLSProtocolMin <major>[.<minor>]
|
||||
Specifies minimum SSL/TLS protocol version that will be negotiated.
|
||||
|
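Review bot: The closing sentence of the TLSDHParamFile text now says Mozilla NSS always generates these parameters randomly, but the wording it replaces gave that reason only for GnuTLS and said just "This directive is ignored when using Mozilla NSS". Please confirm the random-generation rationale is accurate for NSS, or keep the plain "ignored" wording for it. Since GnuTLS is no longer mentioned at all, a short statement of what GnuTLS does with the file would keep readers of the old page from assuming it is still ignored.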