From a8c1e37d43873d5d8ed71d240f963c9aba75e44e Mon Sep 17 00:00:00 2001 From: Pauli Date: Fri, 13 Mar 2020 08:23:27 +1000 Subject: [PATCH] Remove reference to old DH files. The files are incorrect for TLS. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11314) --- doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 8 -------- 1 file changed, 8 deletions(-) diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index c8d25f4573..9b577bdd86 100644 --- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -62,14 +62,6 @@ generate their own DH parameters during the installation process using the openssl L application. This application guarantees that "strong" primes are used. -Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current -version of the OpenSSL distribution contain two of the MODP Diffie-Hellman -groups for IKE as per RFC 3526. These files can be converted into C code -using the B<-C> option of the L application. Generation -of custom DH parameters during installation should still be preferred to -stop an attacker from specializing on a commonly used group. File dh1024.pem -contains old parameters that must not be used by applications. - An application may either directly specify the DH parameters or can supply the DH parameters via a callback function. -- 2.25.1
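Review bot: In the `@@ -62,14 +62,6 @@` hunk of doc/man3/SSL_CTX_set_tmp_dh_callback.pod, the deleted paragraph takes two statements with it that are not specific to the RFC 3526 files. The first is the rationale for custom parameters, "to stop an attacker from specializing on a commonly used group". The second is the warning that dh1024.pem "contains old parameters that must not be used by applications". The surviving context still tells applications to generate their own DH parameters at installation, but no longer says why. I suggest moving the rationale sentence into that preceding paragraph rather than dropping it. If dh1024.pem still ships in the 'apps' directory after this change, keep its "must not be used" sentence as well, or remove the file in the same series. The commit message says the files are "incorrect for TLS" without giving the reason. A short note in the message or the page that MODP groups defined for IKE are not the intended source of TLS DH parameters would help readers who already converted these files with `-C`.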