author Benjamin Kaduk <bkaduk@akamai.com> 2020-01-23 17:08:34 -0800
committer Benjamin Kaduk <kaduk@mit.edu> 2020-01-24 20:52:38 -0800
commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b
tree b8ad05381e3823515961e5e5a7fac62dd73c7e27 /doc/man5
parent c6fec81b88131d08c1022504ccf6effa95497afb
openssl-config: add example libssl system-defaults

Provide a "simple" example for affecting the systemwide default behavior of libssl. The large number of mandatory nested sections makes this less simple than the main description might suggest.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10937)

Diffstat (limited to 'doc/man5')
-rw-r--r-- doc/man5/config.pod 16
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 1776439edd..680ad6578a 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -469,6 +469,22 @@ Simple OpenSSL library configuration example to enter FIPS mode:
Note: in the above example you will get an error in non FIPS capable versions
of OpenSSL.
+Simple OpenSSL library configuration to make TLS 1.3 the system-default
+minimum TLS version:
+
+ # Toplevel section for openssl (including libssl)
+ openssl_conf = default_conf_section
+
+ [default_conf_section]
+ # We only specify configuration for the "ssl module"
+ ssl_conf = ssl_section
+
+ [ssl_section]
+ system_default = system_default_section
+
+ [system_default_section]
+ MinProtocol = TLSv1.3
+
More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
# Default appname: should match "appname" parameter (if any)
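
Review bot: The added example under "Simple OpenSSL library configuration to make TLS 1.3 the system-default minimum TLS version:" has no explanatory note after it, unlike the FIPS example just above, which closes with "Note: in the above example you will get an error in non FIPS capable versions of OpenSSL." The commit message says the nested sections are mandatory, but the new text never tells the reader which names are fixed and which are free to choose: `openssl_conf`, `ssl_conf` and `system_default` are the keys that get looked up, while `default_conf_section`, `ssl_section` and `system_default_section` read as arbitrary labels. Suggest one sentence after the example saying so, plus a line that `MinProtocol = TLSv1.3` is a minimum, so a connection to a peer that cannot negotiate TLS 1.3 fails under this default. Minor style point: "Toplevel" in the first comment would read better as "Top-level".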