ITS#4017 add TLSDHParamFile

author Howard Chu <hyc@openldap.org>

Fri, 28 Oct 2005 06:55:16 +0000 (06:55 +0000)

committer Howard Chu <hyc@openldap.org>

Fri, 28 Oct 2005 06:55:16 +0000 (06:55 +0000)
author Howard Chu <hyc@openldap.org>
Fri, 28 Oct 2005 06:55:16 +0000 (06:55 +0000)
committer Howard Chu <hyc@openldap.org>
Fri, 28 Oct 2005 06:55:16 +0000 (06:55 +0000)
diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf

index 06fb70f0489c5ba2fd009b698c1f947ab58cb321..fcbdd68a85343aca45d730c7e208300a06b062ad 100644 (file)
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -132,6 +132,16 @@ bytes of arbitrary data into the file. The file is only used to
  provide a seed for the pseudo-random number generator, and it doesn't
  need very much data to work.
  
+H4: TLSEphemeralDHParamFile <filename>
+
+This directive specifies the file that contains parameters for Diffie-Hellman
+ephemeral key exchange.  This is required in order to use a DSA certificate on
+the server side (i.e. {{EX:TLSCertificateKeyFile}} points to a DSA key).
+Multiple sets of parameters can be included in the file; all of them will
+be processed.  Parameters can be generated using the following command
+
+>      openssl dhparam [-dsaparam] -out <filename> <numbits>
+
  H4: TLSVerifyClient { never | allow | try | demand }
  
  This directive specifies what checks to perform on client certificates
author	Howard Chu <hyc@openldap.org>
	Fri, 28 Oct 2005 06:55:16 +0000 (06:55 +0000)
committer	Howard Chu <hyc@openldap.org>
	Fri, 28 Oct 2005 06:55:16 +0000 (06:55 +0000)