doc: improve ssl_ecdh_curve descriptions
Patch by Marko Kreen
This commit is contained in:
Bruce Momjian
parent
b8cc8f9473
commit
49cf2cd815
|
|
@ -1020,13 +1020,23 @@ include 'filename'
|
||||||
</term>
|
</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Specifies the name of the curve to use in ECDH key exchanges. The
|
Specifies the name of the curve to use in ECDH key exchange.
|
||||||
default is <literal>prime256p1</>.
|
It needs to be supported by all clients that connect.
|
||||||
|
It does not need to be same curve as used by server's
|
||||||
|
Elliptic Curve key. The default is <literal>prime256v1</>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The list of available curves can be shown with the command
|
OpenSSL names for most common curves:
|
||||||
<literal>openssl ecparam -list_curves</literal>.
|
<literal>prime256v1</> (NIST P-256),
|
||||||
|
<literal>secp384r1</> (NIST P-384),
|
||||||
|
<literal>secp521r1</> (NIST P-521).
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The full list of available curves can be shown with the command
|
||||||
|
<literal>openssl ecparam -list_curves</literal>. Not all of them
|
||||||
|
are usable in TLS though.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
||||||
|
|
@ -616,17 +616,18 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Such keys are faster and have improved security over previous
|
This allows use of Elliptic Curve keys for server authentication.
|
||||||
options. The new configuration
|
Such keys are faster and have improved security over <acronym>RSA</> keys.
|
||||||
parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
|
The new configuration parameter
|
||||||
controls which curve is used.
|
<link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
|
||||||
|
controls which curve is used for <acronym>ECDH</>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Improve the default <link
|
Improve the default <link
|
||||||
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> ciphers
|
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> value
|
||||||
(Marko Kreen)
|
(Marko Kreen)
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue