Bug 3430: Document SSL EDH cipher configuration issues
authorAmos Jeffries <squid3@treenet.co.nz>
Sun, 27 Nov 2011 04:24:49 +0000 (17:24 +1300)
committerAmos Jeffries <squid3@treenet.co.nz>
Sun, 27 Nov 2011 04:24:49 +0000 (17:24 +1300)
src/cf.data.pre

index 434e94b6d6e6c71b3b3c591923fd43506e1105db..c6bd1ac8ab4a6981f07b260584647e66f79a411b 100644 (file)
@@ -1370,6 +1370,10 @@ DOC_START
                            4   TLSv1 only
 
           cipher=      Colon separated list of supported ciphers.
+                       NOTE: some ciphers such as EDH ciphers depend on
+                             additional settings. If those settings are
+                             omitted the ciphers may be silently ignored
+                             by the OpenSSL library.
 
           options=     Various SSL engine options. The most important
                        being:
@@ -1378,8 +1382,8 @@ DOC_START
                            NO_TLSv1  Disallow the use of TLSv1
                            SINGLE_DH_USE Always create a new key when using
                                      temporary/ephemeral DH key exchanges
-                       See src/ssl_support.c or OpenSSL SSL_CTX_set_options
-                       documentation for a complete list of options.
+                       See OpenSSL SSL_CTX_set_options documentation for a
+                       complete list of options.
 
           clientca=    File containing the list of CAs to use when
                        requesting a client certificate.
@@ -1396,7 +1400,10 @@ DOC_START
                        the capath. Implies VERIFY_CRL flag below.
 
           dhparams=    File containing DH parameters for temporary/ephemeral
-                       DH key exchanges.
+                       DH key exchanges. See OpenSSL documentation for details
+                       on how to create this file.
+                       WARNING: EDH ciphers will be silently disabled if this
+                                option is not set.
 
           sslflags=    Various flags modifying the use of SSL:
                            DELAYED_AUTH