From fa60b909501664b2034d254781798e511d16c315 Mon Sep 17 00:00:00 2001
From: David Gatwood <dgatwood@apple.com>
Date: Tue, 26 Aug 2014 13:02:03 -0400
Subject: RT1744: SSL_CTX_set_dump_dh() doc feedback

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
---
 doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'doc')

diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
index b34c68aba3..a9995fcb64 100644
--- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
@@ -48,12 +48,13 @@ even if he gets hold of the normal (certified) key, as this key was
 only used for signing.
 
 In order to perform a DH key exchange the server must use a DH group
-(DH parameters) and generate a DH key. The server will always generate a new
-DH key during the negotiation, when the DH parameters are supplied via
-callback and/or when the SSL_OP_SINGLE_DH_USE option of
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will
-immediately create a DH key, when DH parameters are supplied via
-SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case,
+(DH parameters) and generate a DH key.
+The server will always generate a new DH key during the negotiation
+if either the DH parameters are supplied via callback or the
+SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both).
+It will  immediately create a DH key if DH parameters are supplied via
+SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set.
+In this case,
 it may happen that a key is generated on initialization without later
 being needed, while on the other hand the computer time during the
 negotiation is being saved.
@@ -66,6 +67,7 @@ in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
 has an impact on the computer time needed during negotiation, but it is not
 very large, so application authors/users should consider to always enable
 this option.
+The option is required to implement perfect forward secrecy (PFS).
 
 As generating DH parameters is extremely time consuming, an application
 should not generate the parameters on the fly but supply the parameters.
@@ -139,7 +141,7 @@ partly left out.)
       dh_tmp = dh_512;
       break;
     case 1024:
-      if (!dh_1024) 
+      if (!dh_1024)
         dh_1024 = get_dh1024();
       dh_tmp = dh_1024;
       break;
-- 
cgit v1.2.3