Update documentation with Diffie-Hellman best practices.
author Emilia Kasper <emilia@openssl.org>
Tue, 12 May 2015 14:10:05 +0000 (16:10 +0200)
committer Emilia Kasper <emilia@openssl.org>
Wed, 20 May 2015 13:01:36 +0000 (15:01 +0200)
commit ff4de7dde90d15b366abe4664b904f22539969c9
tree 2f7abd4cf145afab07d13a18cef8b4d949b7634d
parent 3372aeed2ce056af9d577a0d79b34dd7f9b67dad
Update documentation with Diffie-Hellman best practices.
- Do not advise generation of DH parameters with dsaparam to save
  computation time.
- Promote use of custom parameters more, and explicitly forbid use of
  built-in parameters weaker than 2048 bits.
- Advise the callback to ignore <keylength> - it is currently called
  with 1024 bits, but this value can and should be safely ignored by
  servers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod