From c35a44085e856f5a17ea4c73404cd9315d5f3db0 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 12 Aug 2017 04:24:49 +0000 Subject: Document tls_config_set_dheparams(). --- src/lib/libtls/man/tls_config_set_protocols.3 | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libtls/man/tls_config_set_protocols.3 b/src/lib/libtls/man/tls_config_set_protocols.3 index b9ee8201ff..4f5c91a3f0 100644 --- a/src/lib/libtls/man/tls_config_set_protocols.3 +++ b/src/lib/libtls/man/tls_config_set_protocols.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_config_set_protocols.3,v 1.5 2017/08/11 10:33:31 jmc Exp $ +.\" $OpenBSD: tls_config_set_protocols.3,v 1.6 2017/08/12 04:24:49 jsing Exp $ .\" .\" Copyright (c) 2014 Ted Unangst .\" Copyright (c) 2015, 2016 Joel Sing @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 11 2017 $ +.Dd $Mdocdate: August 12 2017 $ .Dt TLS_CONFIG_SET_PROTOCOLS 3 .Os .Sh NAME @@ -125,10 +125,19 @@ Alternatively, libssl cipher strings can be specified. See the CIPHERS section of .Xr openssl 1 for further information. -.\" XXX tls_config_set_dheparams does what? +.Pp +.Fn tls_config_set_dheparams +specifies the parameters that will be used during Diffie-Hellman Ephemeral +(DHE) key exchange. +Possible values are "none", "auto" and "legacy". +In "auto" mode, the key size for the ephemeral key is automatically selected +based on the size of the private key being used for signing. +In "legacy" mode, 1024 bit ephemeral keys are used. +The default value is "none", which disables DHE key exchange. .Pp .Fn tls_config_set_ecdhecurves -specifies the names of the elliptic curves that may be used during key exchange. +specifies the names of the elliptic curves that may be used during Elliptic +Curve Diffie-Hellman Ephemeral (ECDHE) key exchange. This is a comma separated list, given in order of preference. The special value of "default" will use the default curves (currently X25519, P-256 and P-384). -- cgit v1.2.3-55-g6feb