Changeset f5342b1 in mod_gnutls for doc/mod_gnutls_manual.mdwn


Timestamp:
Apr 16, 2018, 8:42:39 PM (3 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, upstream
Children:
300ae82, f4ac9ccd
Parents:
e105d3e (diff), 2a912c3 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

New upstream version 0.8.3

File:
1 edited

  • doc/mod_gnutls_manual.mdwn

    re105d3e rf5342b1  
    178178### GnuTLSDHFile
    179179
    180 Set to the PKCS \#3 encoded Diffie Hellman parameters
     180Use the provided PKCS \#3 encoded Diffie-Hellman parameters
    181181
    182182    GnuTLSDHFile FILEPATH
     
    185185Context: server config, virtual host
    186186
    187 Takes an absolute or relative path to a PKCS \#3 encoded DH
    188 parameters.Those are used when the DHE key exchange method is enabled.
    189 You can generate this file using `certtool --generate-dh-params --bits
    190 2048`.  If not set `mod_gnutls` will use the included parameters.
     187By default, `mod_gnutls` uses the DH parameters included with GnuTLS
     188corresponding to the security level of the configured private keys if
     189compiled with GnuTLS 3.5.6 or newer, and the ffdhe2048 DH group as
     190defined in RFC 7919, Appendix A.1 otherwise.
     191
     192If you need to use different DH parameters, you can provide a PEM file
     193containing them in PKCS \#3 encoding using this option. Please see the
     194"[Parameter
     195generation](https://gnutls.org/manual/html_node/Parameter-generation.html)"
     196section of the GnuTLS documentation for a short discussion of the
     197security implications.
    191198
    192199### GnuTLSPriorities
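Review bot: The replacement paragraphs at new lines 187-197 drop two pieces of operator guidance that the removed text carried: that FILEPATH may be an absolute or relative path, and the `certtool --generate-dh-params --bits 2048` command for producing the file. If removing the command is intentional, to steer users toward the built-in groups, say so explicitly; either way, keep a sentence on path handling so the directive's argument stays documented. The sentence at 187-190 also chains the GnuTLS 3.5.6-or-newer behaviour and the ffdhe2048 fallback into a single clause; splitting it into two sentences would make clear which default applies to which build.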
     
    353360OpenPGP Certificate Authentication
    354361----------------------------------
     362
     363*Warning:* OpenPGP support has been deprecated in GnuTLS since version
     3643.5.9 and will be removed completely. Consequently, OpenPGP support in
     365`mod_gnutls` is deprecated as well and will be removed in a future
     366release.
    355367
    356368### GnuTLSPGPCertificateFile
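Review bot: The warning added at new lines 363-366 names the GnuTLS version where deprecation began (3.5.9) but gives no `mod_gnutls` version for the deprecation or the planned removal, so "a future release" leaves administrators without a migration horizon. State the `mod_gnutls` release in which the deprecation takes effect, and consider repeating a one-line deprecation marker under each directive heading such as `GnuTLSPGPCertificateFile`, since the warning appears only at the section head and readers often land directly on a directive.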
     
    721733
    722734`mod_gnutls` supports "Server Name Indication", as specified in
    723 RFC 3546. This allows hosting many TLS websites with a single IP
    724 address. All recent browsers support this standard. Here is an
    725 example using SNI:
     735[RFC 6066, Section 3](https://tools.ietf.org/html/rfc6066#section-3). This
     736allows hosting many TLS websites with a single IP address. All recent
     737browsers support this standard. Here is an example using SNI:
    726738
    727739     # Load the module into Apache.
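Review bot: The RFC 6066 citation at new line 735 is a Markdown link, while the RFC 7919 citation added in the GnuTLSDHFile section of this same change is plain text; pick one style for RFC references across the manual. The unchanged sentence "All recent browsers support this standard" at 736-737 is undated and could be tightened while this paragraph is being edited.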
     
    889901-----------------
    890902
    891 The SSL or TLS cipher suite name
     903The distinguished name of the issuer of the client's certificate in
     904RFC2253 format.
    892905
    893906`SSL_CLIENT_S_AN%`
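Review bot: "RFC2253" at new line 904 is written without a space and without a link, unlike "RFC 7919" and the linked "RFC 6066" elsewhere in this change; write it as "RFC 2253" for consistency. The heading that names the variable falls outside the displayed context, so the corrected description should be checked against it; the removed text "The SSL or TLS cipher suite name" looks like a copy-paste error, and neighbouring entries deserve the same check.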