From 51faa9ffdac6c6cce6f460bc8ccc8339e5a4672c Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 14 Jun 2016 20:57:11 +0200 Subject: [PATCH] As noted by @stirnim, OpenSSL does not respect rfc6979 --- docs/markdown/authoritative/dnssec.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md index d8b74b9ccd..d6911aef83 100644 --- a/docs/markdown/authoritative/dnssec.md +++ b/docs/markdown/authoritative/dnssec.md @@ -111,8 +111,8 @@ In order to facilitate interoperability with existing technologies, PowerDNS key can be imported and exported in industry standard formats. When using OpenSSL for ECDSA signatures (this is default), starting from OpenSSL -1.1.0, [RFC 6979](http://tools.ietf.org/html/rfc6979) deterministic signatures are -used. +1.1.0, the algorithm used is resilient against PRNG failure, while not +strictly conforming to [RFC 6979](http://tools.ietf.org/html/rfc6979). **Note**: Actual supported algorithms depend on the crypto-libraries PowerDNS was compiled against. To check the supported DNSSEC algoritms in your build of PowerDNS, -- 2.47.2
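Review bot: In the reworded sentence of the docs/markdown/authoritative/dnssec.md hunk (@@ -111,8 +111,8), "resilient against PRNG failure, while not strictly conforming to RFC 6979" drops the word "deterministic" without saying whether signatures are still deterministic. A reader cannot tell whether signing the same data twice should produce identical signatures, or whether RFC 6979 test vectors are expected to match. Suggest stating that explicitly and naming in a few words what "the algorithm used" is, since the sentence now links only to the RFC it says is not followed. A commit message body pointing to where @stirnim raised this would help later readers verify the claim. The unchanged context line at the end of the hunk still reads "algoritms", which is worth fixing while this paragraph is being touched.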