diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2018-03-19 10:01:39 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2018-03-19 10:22:49 -0400 |
commit | 8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41 (patch) | |
tree | 3b942fbfeb7c69a11ed45db6993cd39455ea7e0a /doc | |
parent | 440bce8f813fa661437ce52378c3df38e2fd073b (diff) | |
download | openssl-new-8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41.tar.gz |
Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default
configuration from system_default section.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_read_early_data.pod | 2 | ||||
-rw-r--r-- | doc/man5/config.pod | 16 |
2 files changed, 17 insertions, 1 deletions
diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 1b14a7391e..cdfebc86d2 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -180,7 +180,7 @@ server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is -automatically enabled (see L<REPLAY PROTECTION> below). +automatically enabled (see L</REPLAY PROTECTION> below). In the event that the current maximum early data setting for the server is different to that originally specified in a session that a client is resuming diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 485ec0870b..7885d6a4b6 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -247,6 +247,22 @@ For example: ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 +The system default configuration with name B<system_default> if present will +be applied during any creation of the B<SSL_CTX> structure. + +Example of a configuration with the system default: + + ssl_conf = ssl_sect + + [ssl_sect] + + system_default = system_default_sect + + [system_default_sect] + + MinProtocol = TLSv1.2 + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist |