ITS#4354 add a note about avoiding Anonymous DH.

author Howard Chu <hyc@openldap.org>

Thu, 19 Jan 2006 18:28:20 +0000 (18:28 +0000)

committer Howard Chu <hyc@openldap.org>

Thu, 19 Jan 2006 18:28:20 +0000 (18:28 +0000)
author Howard Chu <hyc@openldap.org>
Thu, 19 Jan 2006 18:28:20 +0000 (18:28 +0000)
committer Howard Chu <hyc@openldap.org>
Thu, 19 Jan 2006 18:28:20 +0000 (18:28 +0000)
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5

index 183ef420d187db1997f6ac49bb3959b0de03cc9a..c07d1f900a3b3729c80c004e1e9d12f499a95f7c 100644 (file)
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -963,7 +963,11 @@ it is of critical importance that it is protected carefully.
  This directive specifies the file that contains parameters for Diffie-Hellman
  ephemeral key exchange.  This is required in order to use a DSA certificate on
  the server. If multiple sets of parameters are present in the file, all of
-them will be processed.
+them will be processed.  Note that setting this option may also enable
+Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
+You should append "!ADH" to your cipher suites if you have changed them
+from the default, otherwise no certificate exchanges or verification will
+be done.
  .TP
  .B TLSRandFile <filename>
  Specifies the file to obtain random bits from when /dev/[u]random
author	Howard Chu <hyc@openldap.org>
	Thu, 19 Jan 2006 18:28:20 +0000 (18:28 +0000)
committer	Howard Chu <hyc@openldap.org>
	Thu, 19 Jan 2006 18:28:20 +0000 (18:28 +0000)