The branch master has been updated via 3472082b4b6d73e0803a7c47f03e96ec0a69f77b (commit) from c6fec81b88131d08c1022504ccf6effa95497afb (commit)
- Log ----------------------------------------------------------------- commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b Author: Benjamin Kaduk <bka...@akamai.com> Date: Thu Jan 23 17:08:34 2020 -0800 openssl-config: add example libssl system-defaults Provide a "simple" example for affecting the systemwide default behavior of libssl. The large number of mandatory nested sections makes this less simple than the main description might suggest. Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10937) ----------------------------------------------------------------------- Summary of changes: doc/man5/config.pod | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 1776439edd..680ad6578a 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -469,6 +469,22 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. +Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version: + + # Toplevel section for openssl (including libssl) + openssl_conf = default_conf_section + + [default_conf_section] + # We only specify configuration for the "ssl module" + ssl_conf = ssl_section + + [ssl_section] + system_default = system_default_section + + [system_default_section] + MinProtocol = TLSv1.3 + More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: # Default appname: should match "appname" parameter (if any)