projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b5a379a) | patch
Update documentation with Diffie-Hellman best practices.
authorEmilia Kasper <emilia@openssl.org>
Tue, 12 May 2015 14:10:05 +0000 (16:10 +0200)
committerEmilia Kasper <emilia@openssl.org>
Wed, 20 May 2015 13:10:26 +0000 (15:10 +0200)
commit1f302db3e70f50f9b5e0860581a18e117eafcf20
tree8a1a997d866de9c04cc9fe0ea68f6bb31355cba5tree | snapshot
parentb5a379aae5e05d18a17e41cd7591a038e21395ebcommit | diff
Update documentation with Diffie-Hellman best practices.
- Do not advise generation of DH parameters with dsaparam to save
computation time.
- Promote use of custom parameters more, and explicitly forbid use of
built-in parameters weaker than 2048 bits.
- Advise the callback to ignore <keylength> - it is currently called
with 1024 bits, but this value can and should be safely ignored by
servers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.