src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2013-07-18 12:39:18 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2013-07-18 12:39:18 +0000
commit	282de90e82121bc324891aba717c90857e61d4ad (patch)
tree	861ef67dfa177599ead84e08b322c9cc64b5945a
parent	36697312deef3a478248f46055b72f47517ddea9 (diff)

Document SSLECDHCurve.

ok jmc@

Diffstat

-rw-r--r--

usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html

1 files changed, 63 insertions, 4 deletions

diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html
index a744d9813e6..3ea020662e9 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html

@@ -294,7 +294,8 @@ virtual host''), which can occur inside the server config files both outside

<a href="#ToC7">SSLEngine</a>

<a href="#ToC8">SSLProtocol</a>

<a href="#ToC9">SSLCipherSuite</a>

-        <a href="#ToC9a">SSLHonorCipherOrder</a>

+        <a href="#ToC9a">SSLECDHCurve</a>

+        <a href="#ToC9b">SSLHonorCipherOrder</a>

<a href="#ToC10">SSLCertificateFile</a>

<a href="#ToC11">SSLCertificateKeyFile</a>

<a href="#ToC12">SSLCertificateChainFile</a>

@@ -1213,11 +1214,69 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW

</tr></table>

</td></tr></table>

</div>

+

+

+

+<a name="SSLECDHCurve"></a>

+<h2><a name="ToC9a">SSLECDHCurve</a></h2>

+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">

+<tr>

+<td>

+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">

+<tr>

+<td>

+<table cellspacing="0" cellpadding="1" border="0" summary="">

+<tr><td>

+Name:</a> </td><td> SSLECDHCurve</td></tr>

+<tr><td>

+Description:</a> </td><td> Named curve to use for ephemeral EC keys

+</td></tr>

+<tr><td><a

+ href="../directive-dict.html#Syntax"

+ rel="Help"

+>Syntax:</a> </td><td> <code>SSLECDHCurve</code> curve</td></tr>

+<tr><td><a

+ href="../directive-dict.html#Default"

+ rel="Help"

+>Default:</a> </td><td> <code>prime256v1</code></td></tr>

+<tr><td><a

+ href="../directive-dict.html#Context"

+ rel="Help"

+>Context:</a> </td><td> server config, virtual host</td></tr>

+<tr><td><a

+ href="../directive-dict.html#Override"

+ rel="Help"

+>Override:</a> </td><td> Not applicable</td></tr>

+<tr><td><a

+ href="../directive-dict.html#Status"

+ rel="Help"

+>Status:</a> </td><td> Extension</td></tr>

+<tr><td><a

+ href="../directive-dict.html#Module"

+ rel="Help"

+>Module:</a> </td><td> mod_ssl</td></tr>

+<tr><td><a

+ href="../directive-dict.html#Compatibility"

+ rel="Help"

+>Compatibility:</a> </td><td></td></tr>

+</table>

+</td>

+</tr>

+</table>

+</td>

+</tr>

+</table>

+

+This option specifies the named curve to use when generating ephemeral EC keys

+for an ECDHE-based cipher suite. Any named curve known by OpenSSL may be

+specified. Setting this to <code>none</code> results in no named curve being

+configured for ECDH, effectively disabling ECDHE-based cipher suites.

+

-<a name="SSLCertificateFile"></a>

-<h2><a name="ToC9a">SSLHonorCipherOrder</a></h2>

+<a name="SSLHonorCipherOrder"></a>

+<h2><a name="ToC9b">SSLHonorCipherOrder</a></h2>

<tr>

<td>

@@ -1236,7 +1295,7 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW

<tr><td><a

href="../directive-dict.html#Default"

rel="Help"

->Default:</a> </td><td> <code>HonorCip Off</td></tr>

+>Default:</a> </td><td> <code>Off</code></td></tr>

<tr><td><a

href="../directive-dict.html#Context"

rel="Help"