diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-07-12 12:32:44 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-07-18 08:06:17 +0100 |
commit | 2885b2ca4eee5586baa50208e41a1ca54532eb3a (patch) | |
tree | 3d264b280573ef90926d05f6c62f7962ecf0a96c /doc | |
parent | 2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a (diff) |
dhparam: Correct the documentation of -dsaparam
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-dhparam.pod.in | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index 3f3a90bf3c..634cd1ef98 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -62,14 +62,13 @@ as the input filename. =item B<-dsaparam> If this option is used, DSA rather than DH parameters are read or created; -they are converted to DH format. Otherwise, "strong" primes (such +they are converted to DH format. Otherwise, safe primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. -DH parameter generation with the B<-dsaparam> option is much faster, -and the recommended exponent length is shorter, which makes DH key -exchange more efficient. Beware that with such DSA-style DH -parameters, a fresh DH key should be created for each use to -avoid small-subgroup attacks that may be possible otherwise. +DH parameter generation with the B<-dsaparam> option is much faster. +Beware that with such DSA-style DH parameters, a fresh DH key should be +created for each use to avoid small-subgroup attacks that may be possible +otherwise. =item B<-check> |