upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-02 04:59:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#4354 add a note about avoiding Anonymous DH.

Browse source
This commit is contained in:
Howard Chu 2006-01-19 18:28:20 +00:00
parent fb4cba514d
commit 17dbef6ba8
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/man/man5/slapd.conf.5
View file

@ -963,7 +963,11 @@ it is of critical importance that it is protected carefully.
This directive specifies the file that contains parameters for Diffie-Hellman
ephemeral key exchange. This is required in order to use a DSA certificate on
the server. If multiple sets of parameters are present in the file, all of
them will be processed.
them will be processed. Note that setting this option may also enable
Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
You should append "!ADH" to your cipher suites if you have changed them
from the default, otherwise no certificate exchanges or verification will
be done.
.TP
.B TLSRandFile <filename>
Specifies the file to obtain random bits from when /dev/[u]random