Remove RANDFILE settings from configuration files

[openssl.git] / doc / man1 / openssl-ca.pod.in

diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in
index 6df41d897f76253ce6f3a1f6e20df93c1347eee0..c439fde5d9f4b321dfbb48d1afc61b85d213f940 100644 (file)
--- a/doc/man1/openssl-ca.pod.in
+++ b/doc/man1/openssl-ca.pod.in
@@ -446,7 +446,8 @@ CA private key. Mandatory.
 =item B<RANDFILE>
 
 At startup the specified file is loaded into the random number generator,
-and at exit 256 bytes will be written to it.
+and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is
+not necessary anymore, see the L</HISTORY> section.
 
 =item B<default_days>
 
@@ -654,7 +655,6 @@ A sample configuration file with the relevant sections for this command:
  serial         = $dir/serial           # serial no file
  #rand_serial    = yes                  # for random serial#'s
  private_key    = $dir/private/cakey.pem# CA private key
- RANDFILE       = $dir/private/.rand    # random number file
 
  default_days   = 365                   # how long to certify for
  default_crl_days= 30                   # how long before next CRL
@@ -690,7 +690,6 @@ The values below reflect the default values.
  ./demoCA/index.txt             - CA text database file
  ./demoCA/index.txt.old         - CA text database backup file
  ./demoCA/certs                 - certificate output file
- ./demoCA/.rnd                  - CA random seed information
 
 =head1 RESTRICTIONS
 
@@ -767,6 +766,11 @@ B<-enddate> and B<-days>) will be encoded as UTCTime if the dates are
 earlier than year 2049 (included), and as GeneralizedTime if the dates
 are in year 2050 or later.
 
+OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
+seeding mechanism. The new seeding mechanism makes it unnecessary to
+define a RANDFILE for saving and restoring randomness. This option is
+retained mainly for compatibility reasons.
+
 =head1 SEE ALSO
 
 L<openssl(1)>,