diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2020-01-23 17:08:34 -0800 |
---|---|---|
committer | Benjamin Kaduk <kaduk@mit.edu> | 2020-01-24 20:54:11 -0800 |
commit | 59f92fa27eb41a7513e584b665c87669171f60dd (patch) | |
tree | 136c7b4d6be34c0677b17856e305581147b14b7b /doc | |
parent | f50f2725c03710e183d855760c32d8df6cab1f94 (diff) |
openssl-config: add example libssl system-defaults
Provide a "simple" example for affecting the systemwide default behavior
of libssl. The large number of mandatory nested sections makes this
less simple than the main description might suggest.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10937)
(cherry picked from commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man5/config.pod | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 992fdfccf9..732998e8f4 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -355,6 +355,22 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. +Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version: + + # Toplevel section for openssl (including libssl) + openssl_conf = default_conf_section + + [default_conf_section] + # We only specify configuration for the "ssl module" + ssl_conf = ssl_section + + [ssl_section] + system_default = system_default_section + + [system_default_section] + MinProtocol = TLSv1.3 + More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: # Default appname: should match "appname" parameter (if any) |