ITS#7595 more doc for elliptic curve

author Howard Chu <hyc@openldap.org>

Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)

committer Howard Chu <hyc@openldap.org>

Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)
author Howard Chu <hyc@openldap.org>
Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)
committer Howard Chu <hyc@openldap.org>
Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)
diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf

index cd8343da9713164e88660e25959da793c73fb97d..358c24398e0d91e5f955c4f611cba0054c8486aa 100644 (file)
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -203,6 +203,18 @@ or
  
  This directive is ignored with Mozilla NSS.
  
+H4: TLSECName <name>
+
+This directive specifies the curve to use for Elliptic Curve
+Diffie-Hellman ephemeral key exchange.  This is required in order
+to use ECDHE-based cipher suites in OpenSSL.  The names of supported
+curves may be shown using the following command
+
+>      openssl ecparam -list_curves
+
+This directive is not used for GnuTLS and is ignored with Mozilla NSS.
+For GnuTLS the curves may be specified in the ciphersuite.
+
  H4: TLSVerifyClient { never | allow | try | demand }
  
  This directive specifies what checks to perform on client certificates
author	Howard Chu <hyc@openldap.org>
	Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)
committer	Howard Chu <hyc@openldap.org>
	Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)