[openssl-dev] [openssl.org #4071] Doc Bug: SSL_CTX_set_tmp_dh_callback (and friends) and client code
noloader@gmail.com via RT
rt at openssl.org
Tue Oct 6 13:27:17 UTC 2015
The docs for SSL_CTX_set_tmp_dh_callback(3)
(https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tmp_dh_callback.html)
and friends state the functions are called for DH parameter selection.
They fail to state they are only called in servers, and not clients.
Please update the docs to make it clear they are server-only
functions. It might be helpful to tell users there are currently no
client-based APIs they can use to enforce a DH minimum.
Also see "How to reject weak DH parameters in an OpenSSL client?"
(http://stackoverflow.com/q/32947040) on Stack Overflow and "How to
enforce DH field size in the client?"
(http://openssl.6102.n7.nabble.com/How-to-enforce-DH-field-size-in-the-client-td60442.html)
on the User's mailing list.