From ba86c086c72d168353434531db7954681e20ac0b Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 12 Jul 2022 12:32:44 +0200 Subject: dhparam: Correct the documentation of -dsaparam Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18480) (cherry picked from commit 2885b2ca4eee5586baa50208e41a1ca54532eb3a) --- doc/man1/openssl-dhparam.pod.in | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index d358ba9..2a442ba 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -60,14 +60,13 @@ as the input filename. =item B<-dsaparam> If this option is used, DSA rather than DH parameters are read or created; -they are converted to DH format. Otherwise, "strong" primes (such +they are converted to DH format. Otherwise, safe primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. -DH parameter generation with the B<-dsaparam> option is much faster, -and the recommended exponent length is shorter, which makes DH key -exchange more efficient. Beware that with such DSA-style DH -parameters, a fresh DH key should be created for each use to -avoid small-subgroup attacks that may be possible otherwise. +DH parameter generation with the B<-dsaparam> option is much faster. +Beware that with such DSA-style DH parameters, a fresh DH key should be +created for each use to avoid small-subgroup attacks that may be possible +otherwise. =item B<-check> -- cgit v1.1