diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_read_early_data.pod | 2 | ||||
-rw-r--r-- | doc/man5/config.pod | 16 |
2 files changed, 17 insertions, 1 deletions
diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 1b14a73..cdfebc8 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -180,7 +180,7 @@ server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is -automatically enabled (see L<REPLAY PROTECTION> below). +automatically enabled (see L</REPLAY PROTECTION> below). In the event that the current maximum early data setting for the server is different to that originally specified in a session that a client is resuming diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 485ec08..7885d6a 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -247,6 +247,22 @@ For example: ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 +The system default configuration with name B<system_default> if present will +be applied during any creation of the B<SSL_CTX> structure. + +Example of a configuration with the system default: + + ssl_conf = ssl_sect + + [ssl_sect] + + system_default = system_default_sect + + [system_default_sect] + + MinProtocol = TLSv1.2 + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist |