| | | |
|---|---|---|
| author | Mike DePaulo <mikedep333@gmail.com> | 2015-01-10 12:26:41 -0500 |
| committer | Mike DePaulo <mikedep333@gmail.com> | 2015-02-28 07:16:26 -0500 |
| commit | 29d3851ef58419274f5f80a050d22b14319eff74 | |
| tree | c70cbddb9c2100abb5e0e5fdd5acaf180b89b946 /openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | |
| parent | a1babdda61e8cb3f8d0608d87120ba46ca91a21d | |
Update openssl to version openssl-1.0.1k
Diffstat (limited to 'openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod')
-rw-r--r-- | openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 534643cd9..8794eb7ac 100644 --- a/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B<tmp_rsa_callback> is called with the B<keylength> needed and the B<is_export> information. The B<is_export> flag is set, when the |
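Review bot: the hunk removes the paragraph that documented SSL_OP_EPHEMERAL_RSA (and the "(e.g. for SSL_OP_EPHEMERAL_RSA usage)" aside in the following paragraph) without stating what replaces it, so a server operator who still sets that option cannot tell from this page whether it is now ignored, rejected, or still honoured for non-export ciphers; add one sentence where the paragraph was deleted that states the new behaviour explicitly. With that paragraph gone the retained text also no longer hangs together: "it can supply keys of different size" names no remaining case in which a size other than 512 bits would be requested, since the page now describes only the export-cipher case, and "does give away key length if a longer key would be allowed" refers to the non-export situation that was just removed. Either cut both clauses or restate the advantage of the callback as the one the page still supports, namely that the key is generated only when an export cipher actually needs it.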