long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
long SSL_need_tmp_rsa(SSL *ssl)
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
=head1 DESCRIPTION
B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-SSL_CTX_need_tmp_rsa() returns 1, if a temporay/ephemeral RSA key is needed
+SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
with a keysize larger than 512 bits is installed.
SSL_set_tmp_rsa() sets the key only for B<ssl>.
-SSL_need_tmp_rsa() returns 1, if a temporay/ephemeral RSA key is needed,
+SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
with a keysize larger than 512 bits is installed.
for export ciphers. Using ephemeral RSA key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral RSA key
-exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
+exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
projects / oweals / openssl.git / blobdiff