From: Howard Chu Date: Tue, 14 Sep 2021 16:56:03 +0000 (+0100) Subject: ITS#9687 TLSECName is no longer required with OpenSSL 1.1+ X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7717ae75398e8cf8312aa0c89f0002c6f10c588;p=thirdparty%2Fopenldap.git ITS#9687 TLSECName is no longer required with OpenSSL 1.1+ --- diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf index 1e2a8bfce8..08c653460c 100644 --- a/doc/guide/admin/tls.sdf +++ b/doc/guide/admin/tls.sdf @@ -160,12 +160,13 @@ or H4: TLSECName This directive specifies the curve to use for Elliptic Curve -Diffie-Hellman ephemeral key exchange. This is required in order +Diffie-Hellman ephemeral key exchange. This option is only needed to use ECDHE-based cipher suites in OpenSSL. The names of supported curves may be shown using the following command > openssl ecparam -list_curves +If it is omitted, OpenSSL will auto-negotiate the curve choice. This directive is not used for GnuTLS. For GnuTLS the curves may be specified in the ciphersuite.