From 17dbef6ba837703c50a9b6b1000a929e774b26f9 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 19 Jan 2006 18:28:20 +0000 Subject: [PATCH] ITS#4354 add a note about avoiding Anonymous DH. --- doc/man/man5/slapd.conf.5 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 183ef420d1..c07d1f900a 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -963,7 +963,11 @@ it is of critical importance that it is protected carefully. This directive specifies the file that contains parameters for Diffie-Hellman ephemeral key exchange. This is required in order to use a DSA certificate on the server. If multiple sets of parameters are present in the file, all of -them will be processed. +them will be processed. Note that setting this option may also enable +Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites. +You should append "!ADH" to your cipher suites if you have changed them +from the default, otherwise no certificate exchanges or verification will +be done. .TP .B TLSRandFile Specifies the file to obtain random bits from when /dev/[u]random -- 2.39.5
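Review bot: The last added sentence ("otherwise no certificate exchanges or verification will be done") states the consequence unconditionally, while the sentence before it says Anonymous Diffie-Hellman "may" be enabled only "in certain non-default cipher suites". As worded, an administrator could read it as saying that any customised cipher suite list lacking "!ADH" turns off certificate verification for every connection. Suggest tying the outcome to the case where an anonymous suite is actually negotiated, for example "otherwise an Anonymous DH suite may be negotiated, in which case no certificate is exchanged or verified." Since this paragraph documents the DH parameter file option rather than the cipher suite setting, it would also help to name the directive whose value "!ADH" is to be appended to, and to say whether "append" means adding it as a further separator-delimited element of the existing cipher list.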