[openssl-dev] [openssl.org #4071] Doc Bug: SSL_CTX_set_tmp_dh_callback (and friends) and client code

Stephen Henson via RT rt at openssl.org
Tue Oct 6 16:29:54 UTC 2015


On Tue Oct 06 13:27:17 2015, noloader at gmail.com wrote:
>
> Please update the docs to make it clear they are server-only
> functions. It might be helpful to tell users there are currently no
> client-based APIs they can use to enforce a DH minimum.
>

Well there is in the master branch through security levels and a custom
callback (if the supplied levels don't meet your needs). Currently the callback
operation is undocumented: that will be fixed.

For other branches... there *is* a way to limit DH parameters globally using a
custom DH method but it's a bit messy. I've attached an example.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhdemo.c
Type: text/x-csrc
Size: 763 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151006/a67a61bc/attachment.c>

