From: Pauli <paul.dale@oracle.com>
Date: Thu, 12 Mar 2020 22:23:27 +0000 (+1000)
Subject: Remove reference to old DH files.
X-Git-Tag: openssl-3.0.0-alpha1~262
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8c1e37d43873d5d8ed71d240f963c9aba75e44e;p=thirdparty%2Fopenssl.git

Remove reference to old DH files.

The files are incorrect for TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11314)
---

diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index c8d25f4573b..9b577bdd86a 100644
--- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
@@ -62,14 +62,6 @@ generate their own DH parameters during the installation process using the
 openssl L<openssl-dhparam(1)> application. This application
 guarantees that "strong" primes are used.
 
-Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
-version of the OpenSSL distribution contain two of the MODP Diffie-Hellman
-groups for IKE as per RFC 3526.  These files can be converted into C code
-using the B<-C> option of the L<openssl-dhparam(1)> application. Generation
-of custom DH parameters during installation should still be preferred to
-stop an attacker from specializing on a commonly used group. File dh1024.pem
-contains old parameters that must not be used by applications.
-
 An application may either directly specify the DH parameters or
 can supply the DH parameters via a callback function.