summaryrefslogtreecommitdiffstats
path: root/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3')
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.317
1 files changed, 9 insertions, 8 deletions
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index 4664653..267ef4e 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2014-08-06" "1.0.1i" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,12 +175,13 @@ even if he gets hold of the normal (certified) key, as this key was
only used for signing.
.PP
In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group
-(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new
-\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via
-callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of
-\&\fISSL_CTX_set_options\fR\|(3) is set. It will
-immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via
-\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case,
+(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key.
+The server will always generate a new \s-1DH\s0 key during the negotiation
+if either the \s-1DH\s0 parameters are supplied via callback or the
+\&\s-1SSL_OP_SINGLE_DH_USE\s0 option of \fISSL_CTX_set_options\fR\|(3) is set (or both).
+It will immediately create a \s-1DH\s0 key if \s-1DH\s0 parameters are supplied via
+\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set.
+In this case,
it may happen that a key is generated on initialization without later
being needed, while on the other hand the computer time during the
negotiation is being saved.
@@ -266,7 +267,7 @@ partly left out.)
\& dh_tmp = dh_512;
\& break;
\& case 1024:
-\& if (!dh_1024)
+\& if (!dh_1024)
\& dh_1024 = get_dh1024();
\& dh_tmp = dh_1024;
\& break;
OpenPOWER on IntegriCloud