ITS#7595 more doc for elliptic curve

author Howard Chu <hyc@openldap.org>

Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)

committer Quanah Gibson-Mount <quanah@openldap.org>

Mon, 6 May 2019 20:08:22 +0000 (20:08 +0000)
author Howard Chu <hyc@openldap.org>
Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)
committer Quanah Gibson-Mount <quanah@openldap.org>
Mon, 6 May 2019 20:08:22 +0000 (20:08 +0000)
diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf

index e2bc2f87121210711ff5fc1ee0cde08015474762..7aca8b798db42f7de5e3c11329863dbeb0354cbb 100644 (file)
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -203,6 +203,18 @@ or
  
  This directive is ignored with Mozilla NSS.
  
+H4: TLSECName <name>
+
+This directive specifies the curve to use for Elliptic Curve
+Diffie-Hellman ephemeral key exchange.  This is required in order
+to use ECDHE-based cipher suites in OpenSSL.  The names of supported
+curves may be shown using the following command
+
+>      openssl ecparam -list_curves
+
+This directive is not used for GnuTLS and is ignored with Mozilla NSS.
+For GnuTLS the curves may be specified in the ciphersuite.
+
  H4: TLSVerifyClient { never | allow | try | demand }
  
  This directive specifies what checks to perform on client certificates
author	Howard Chu <hyc@openldap.org>
	Sat, 7 Sep 2013 17:13:40 +0000 (10:13 -0700)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Mon, 6 May 2019 20:08:22 +0000 (20:08 +0000)