From 3da460236968be1c67a38a01711d46cb257a7125 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 1 Jul 2025 13:46:59 +0200
Subject: [PATCH] kbase: tlscerts: Drop 'encryption_key' feature request
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

As TLS 1.3 performs key exchange separately from the algorithm used to
verify authenticity, the certificates for libvirt's use of TLS don't
need to require the 'encryption_key' feature any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 docs/kbase/tlscerts.rst | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/kbase/tlscerts.rst b/docs/kbase/tlscerts.rst
index e4aa5bb3c9..215d454998 100644
--- a/docs/kbase/tlscerts.rst
+++ b/docs/kbase/tlscerts.rst
@@ -204,7 +204,6 @@ define the server as follows:
    ip_address = 2001:cafe::74
    ip_address = fe20::24
    tls_www_server
-   encryption_key
    signing_key
 
 The 'cn' field should refer to the fully qualified public hostname of the
@@ -298,7 +297,6 @@ briefly cover the steps.
       organization = Libvirt Project
       cn = client1
       tls_www_client
-      encryption_key
       signing_key
 
    and sign by doing:
-- 
2.47.3