From: Howard Chu <hyc@openldap.org>
Date: Fri, 28 Oct 2005 06:55:16 +0000 (+0000)
Subject: ITS#4017 add TLSDHParamFile
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~179
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=970ccf95847f0bb3b72d6d39a8e1dfdf315334bd;p=openldap

ITS#4017 add TLSDHParamFile
---

diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf
index 06fb70f048..fcbdd68a85 100644
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -132,6 +132,16 @@ bytes of arbitrary data into the file. The file is only used to
 provide a seed for the pseudo-random number generator, and it doesn't
 need very much data to work.
 
+H4: TLSEphemeralDHParamFile <filename>
+
+This directive specifies the file that contains parameters for Diffie-Hellman
+ephemeral key exchange.  This is required in order to use a DSA certificate on
+the server side (i.e. {{EX:TLSCertificateKeyFile}} points to a DSA key).
+Multiple sets of parameters can be included in the file; all of them will
+be processed.  Parameters can be generated using the following command
+
+>	openssl dhparam [-dsaparam] -out <filename> <numbits>
+
 H4: TLSVerifyClient { never | allow | try | demand }
 
 This directive specifies what checks to perform on client certificates