mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

openssl-config: add example libssl system-defaults

Browse Source 
Provide a "simple" example for affecting the systemwide default behavior
of libssl.  The large number of mandatory nested sections makes this
less simple than the main description might suggest.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10937)
This commit is contained in:
Benjamin Kaduk 2020-01-23 17:08:34 -08:00 committed by Benjamin Kaduk
parent c6fec81b88
commit 3472082b4b
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/man5/config.pod
View File

@ -469,6 +469,22 @@ Simple OpenSSL library configuration example to enter FIPS mode:
Note: in the above example you will get an error in non FIPS capable versions
of OpenSSL.
Simple OpenSSL library configuration to make TLS 1.3 the system-default
minimum TLS version:
# Toplevel section for openssl (including libssl)
openssl_conf = default_conf_section
[default_conf_section]
# We only specify configuration for the "ssl module"
ssl_conf = ssl_section
[ssl_section]
system_default = system_default_section
[system_default_section]
MinProtocol = TLSv1.3
More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
# Default appname: should match "appname" parameter (if any)