diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2014-10-18 19:59:47 -0400 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2015-02-28 07:16:10 -0500 |
commit | a1babdda61e8cb3f8d0608d87120ba46ca91a21d (patch) | |
tree | 633a4386cd59bc6ef0b809b67ca1cc0bb494218f /openssl/doc/ssl | |
parent | 8fafe3481b134a4d368ba57e3698754a6a45c4c1 (diff) | |
download | vcxsrv-a1babdda61e8cb3f8d0608d87120ba46ca91a21d.tar.gz vcxsrv-a1babdda61e8cb3f8d0608d87120ba46ca91a21d.tar.bz2 vcxsrv-a1babdda61e8cb3f8d0608d87120ba46ca91a21d.zip |
Update openssl to version openssl-1.0.1j
Diffstat (limited to 'openssl/doc/ssl')
-rw-r--r-- | openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index b34c68aba..7a27eef50 100644 --- a/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -48,12 +48,13 @@ even if he gets hold of the normal (certified) key, as this key was only used for signing. In order to perform a DH key exchange the server must use a DH group -(DH parameters) and generate a DH key. The server will always generate a new -DH key during the negotiation, when the DH parameters are supplied via -callback and/or when the SSL_OP_SINGLE_DH_USE option of -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will -immediately create a DH key, when DH parameters are supplied via -SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case, +(DH parameters) and generate a DH key. +The server will always generate a new DH key during the negotiation +if either the DH parameters are supplied via callback or the +SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both). +It will immediately create a DH key if DH parameters are supplied via +SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. +In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the negotiation is being saved. @@ -139,7 +140,7 @@ partly left out.) dh_tmp = dh_512; break; case 1024: - if (!dh_1024) + if (!dh_1024) dh_1024 = get_dh1024(); dh_tmp = dh_1024; break; |