From: Howard Chu <hyc@openldap.org>
Date: Sat, 7 Sep 2013 17:13:40 +0000 (-0700)
Subject: ITS#7595 more doc for elliptic curve
X-Git-Tag: OPENLDAP_REL_ENG_2_4_48~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62f31efe1528f247f98f2b232bbb792155d71fe8;p=thirdparty%2Fopenldap.git

ITS#7595 more doc for elliptic curve
---

diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf
index e2bc2f8712..7aca8b798d 100644
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -203,6 +203,18 @@ or
 
 This directive is ignored with Mozilla NSS.
 
+H4: TLSECName <name>
+
+This directive specifies the curve to use for Elliptic Curve
+Diffie-Hellman ephemeral key exchange.  This is required in order
+to use ECDHE-based cipher suites in OpenSSL.  The names of supported
+curves may be shown using the following command
+
+>	openssl ecparam -list_curves
+
+This directive is not used for GnuTLS and is ignored with Mozilla NSS.
+For GnuTLS the curves may be specified in the ciphersuite.
+
 H4: TLSVerifyClient { never | allow | try | demand }
 
 This directive specifies what checks to perform on client certificates