diff --git a/apps/dh512.pem b/apps/dh512.pem deleted file mode 100644 index 200d16cd89..0000000000 --- a/apps/dh512.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN DH PARAMETERS----- -MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak -XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC ------END DH PARAMETERS----- - -These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" -(http://www.skip-vpn.org/spec/numbers.html). -See there for how they were generated. -Note that g is not a generator, but this is not a problem since p is a safe prime. diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index b754c16a86..64c8b65276 100644 --- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -83,9 +83,8 @@ which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the L application. Generation of custom DH parameters during installation should still be preferred to stop an -attacker from specializing on a commonly used group. Files dh1024.pem -and dh512.pem contain old parameters that must not be used by -applications. +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. An application may either directly specify the DH parameters or can supply the DH parameters via a callback function.