diff options
author | Pauli <paul.dale@oracle.com> | 2020-03-13 08:23:27 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-03-14 15:05:56 +1000 |
commit | a8c1e37d43873d5d8ed71d240f963c9aba75e44e (patch) | |
tree | 19b1aa172af4a5519dd28a5903bac0e3637c2153 /doc/man3 | |
parent | ddff37db32c5c628c10d3a8b19c8b1013f52d15d (diff) |
Remove reference to old DH files.
The files are incorrect for TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11314)
Diffstat (limited to 'doc/man3')
-rw-r--r-- | doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index c8d25f4573..9b577bdd86 100644 --- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -62,14 +62,6 @@ generate their own DH parameters during the installation process using the openssl L<openssl-dhparam(1)> application. This application guarantees that "strong" primes are used. -Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current -version of the OpenSSL distribution contain two of the MODP Diffie-Hellman -groups for IKE as per RFC 3526. These files can be converted into C code -using the B<-C> option of the L<openssl-dhparam(1)> application. Generation -of custom DH parameters during installation should still be preferred to -stop an attacker from specializing on a commonly used group. File dh1024.pem -contains old parameters that must not be used by applications. - An application may either directly specify the DH parameters or can supply the DH parameters via a callback function. |