diff options
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3')
-rw-r--r-- | secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 | 46 |
1 files changed, 25 insertions, 21 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 index aeead48d763cf..80ec6b6ff938e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" -.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,16 +157,16 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. The key is inherited by all \fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. .PP -\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. .PP These functions apply to \s-1SSL/TLS\s0 servers only. .SH "NOTES" @@ -191,14 +195,14 @@ should not generate the parameters on the fly but supply the parameters. the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker may specialize on a very often used \s-1DH\s0 group. Applications should therefore generate their own \s-1DH\s0 parameters during the installation process using the -openssl \fIdhparam\fR\|(1) application. This application +openssl \fBdhparam\fR\|(1) application. This application guarantees that \*(L"strong\*(R" primes are used. .PP Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the \fB\-C\fR option of the -\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications. @@ -209,7 +213,7 @@ can supply the \s-1DH\s0 parameters via a callback function. Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR parameters to control parameter generation for export and non-export cipher suites. Modern servers that do not support export cipher suites -are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use +are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply supply at least 2048\-bit parameters in the callback. .SH "EXAMPLES" @@ -245,16 +249,16 @@ Code for setting up parameters during server initialization: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return diagnostic output. .PP -\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. |