From 29d3851ef58419274f5f80a050d22b14319eff74 Mon Sep 17 00:00:00 2001 From: Mike DePaulo Date: Sat, 10 Jan 2015 12:26:41 -0500 Subject: Update openssl to version openssl-1.0.1k --- openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod') diff --git a/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 534643cd9..8794eb7ac 100644 --- a/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod @@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the -- cgit v1.2.3