summaryrefslogtreecommitdiff
path: root/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3')
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.346
1 files changed, 25 insertions, 21 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
index aeead48d763cf..80ec6b6ff938e 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3"
-.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,16 +157,16 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
+\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR.
The callback is inherited by all \fBssl\fR objects created from \fBctx\fR.
.PP
-\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR.
+\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR.
The key is inherited by all \fBssl\fR objects created from \fBctx\fR.
.PP
-\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
+\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
.PP
-\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
+\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
.PP
These functions apply to \s-1SSL/TLS\s0 servers only.
.SH "NOTES"
@@ -191,14 +195,14 @@ should not generate the parameters on the fly but supply the parameters.
the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker
may specialize on a very often used \s-1DH\s0 group. Applications should therefore
generate their own \s-1DH\s0 parameters during the installation process using the
-openssl \fIdhparam\fR\|(1) application. This application
+openssl \fBdhparam\fR\|(1) application. This application
guarantees that \*(L"strong\*(R" primes are used.
.PP
Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the \fB\-C\fR option of the
-\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
+\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
parameters during installation should still be preferred to stop an
attacker from specializing on a commonly used group. File dh1024.pem
contains old parameters that must not be used by applications.
@@ -209,7 +213,7 @@ can supply the \s-1DH\s0 parameters via a callback function.
Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR
parameters to control parameter generation for export and non-export
cipher suites. Modern servers that do not support export cipher suites
-are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use
+are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use
the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply
supply at least 2048\-bit parameters in the callback.
.SH "EXAMPLES"
@@ -245,16 +249,16 @@ Code for setting up parameters during server initialization:
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return
+\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return
diagnostic output.
.PP
-\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0
+\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0
on failure. Check the error queue to find out the reason of failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3),
-\&\fISSL_CTX_set_options\fR\|(3),
-\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3),
+\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 07:09:40 +0000