From 8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 19 Mar 2018 10:01:39 -0400 Subject: Apply system_default configuration on SSL_CTX_new(). When SSL_CTX is created preinitialize it with system default configuration from system_default section. Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4848) --- doc/man3/SSL_read_early_data.pod | 2 +- doc/man5/config.pod | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 1b14a73..cdfebc8 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -180,7 +180,7 @@ server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is -automatically enabled (see L below). +automatically enabled (see L below). In the event that the current maximum early data setting for the server is different to that originally specified in a session that a client is resuming diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 485ec08..7885d6a 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -247,6 +247,22 @@ For example: ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 +The system default configuration with name B if present will +be applied during any creation of the B structure. + +Example of a configuration with the system default: + + ssl_conf = ssl_sect + + [ssl_sect] + + system_default = system_default_sect + + [system_default_sect] + + MinProtocol = TLSv1.2 + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist -- cgit v1.1
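Review bot: The one-line change in doc/man3/SSL_read_early_data.pod (the "automatically enabled (see L below)" cross-reference) is not covered by the commit message, which only describes applying system_default on SSL_CTX_new(). As shown here the removed and added lines read identically, so the difference is presumably in the link target, which cannot be checked from this view. Suggest either mentioning the link fix in the commit message or moving it to its own commit so the documentation history for early data replay protection stays easy to follow.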
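Review bot: The paragraph added to doc/man5/config.pod says the system default section "will be applied during any creation of the" context structure but leaves two things undocumented that an administrator relying on "MinProtocol = TLSv1.2" needs to know: whether settings an application makes on the context after creation override the system default, and what happens when the section contains a command that fails to apply (whether context creation fails or the error is ignored). Suggest adding one sentence for each case, since without them the example can be read as an enforced floor rather than a default. As a minor style point, the hunk adds two blank lines before "=head1 NOTES" where one would do.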