From 970ccf95847f0bb3b72d6d39a8e1dfdf315334bd Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Fri, 28 Oct 2005 06:55:16 +0000
Subject: [PATCH] ITS#4017 add TLSDHParamFile

---
 doc/guide/admin/tls.sdf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf
index 06fb70f048..fcbdd68a85 100644
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -132,6 +132,16 @@ bytes of arbitrary data into the file. The file is only used to
 provide a seed for the pseudo-random number generator, and it doesn't
 need very much data to work.
 
+H4: TLSEphemeralDHParamFile <filename>
+
+This directive specifies the file that contains parameters for Diffie-Hellman
+ephemeral key exchange.  This is required in order to use a DSA certificate on
+the server side (i.e. {{EX:TLSCertificateKeyFile}} points to a DSA key).
+Multiple sets of parameters can be included in the file; all of them will
+be processed.  Parameters can be generated using the following command
+
+>	openssl dhparam [-dsaparam] -out <filename> <numbits>
+
 H4: TLSVerifyClient { never | allow | try | demand }
 
 This directive specifies what checks to perform on client certificates
-- 
2.39.5