ITS#9687 TLSECName is no longer required with OpenSSL 1.1+

author Howard Chu <hyc@openldap.org>

Tue, 14 Sep 2021 16:56:03 +0000 (17:56 +0100)

committer Howard Chu <hyc@openldap.org>

Tue, 14 Sep 2021 16:56:03 +0000 (17:56 +0100)
author Howard Chu <hyc@openldap.org>
Tue, 14 Sep 2021 16:56:03 +0000 (17:56 +0100)
committer Howard Chu <hyc@openldap.org>
Tue, 14 Sep 2021 16:56:03 +0000 (17:56 +0100)
diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf

index 1e2a8bfce8f9c08aa688b552f177669ae3036448..08c653460c9e2c8f6e7751924ad6be60b096cfd1 100644 (file)
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -160,12 +160,13 @@ or
  H4: TLSECName <name>
  
  This directive specifies the curve to use for Elliptic Curve
-Diffie-Hellman ephemeral key exchange.  This is required in order
+Diffie-Hellman ephemeral key exchange.  This option is only needed
  to use ECDHE-based cipher suites in OpenSSL.  The names of supported
  curves may be shown using the following command
  
  >      openssl ecparam -list_curves
  
+If it is omitted, OpenSSL will auto-negotiate the curve choice.
  This directive is not used for GnuTLS.
  For GnuTLS the curves may be specified in the ciphersuite.
author	Howard Chu <hyc@openldap.org>
	Tue, 14 Sep 2021 16:56:03 +0000 (17:56 +0100)
committer	Howard Chu <hyc@openldap.org>
	Tue, 14 Sep 2021 16:56:03 +0000 (17:56 +0100)