From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 12 Jul 2022 10:32:44 +0000 (+0200)
Subject: dhparam: Correct the documentation of -dsaparam
X-Git-Tag: openssl-3.2.0-alpha1~2372
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2885b2ca4eee5586baa50208e41a1ca54532eb3a;p=thirdparty%2Fopenssl.git

dhparam: Correct the documentation of -dsaparam

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
---

diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in
index 3f3a90bf3c9..634cd1ef982 100644
--- a/doc/man1/openssl-dhparam.pod.in
+++ b/doc/man1/openssl-dhparam.pod.in
@@ -62,14 +62,13 @@ as the input filename.
 =item B<-dsaparam>
 
 If this option is used, DSA rather than DH parameters are read or created;
-they are converted to DH format.  Otherwise, "strong" primes (such
+they are converted to DH format.  Otherwise, safe primes (such
 that (p-1)/2 is also prime) will be used for DH parameter generation.
 
-DH parameter generation with the B<-dsaparam> option is much faster,
-and the recommended exponent length is shorter, which makes DH key
-exchange more efficient.  Beware that with such DSA-style DH
-parameters, a fresh DH key should be created for each use to
-avoid small-subgroup attacks that may be possible otherwise.
+DH parameter generation with the B<-dsaparam> option is much faster.
+Beware that with such DSA-style DH parameters, a fresh DH key should be
+created for each use to avoid small-subgroup attacks that may be possible
+otherwise.
 
 =item B<-check>