Jesper Wallin(jes...@ifconfig.se) on 2020.05.01 12:15:06 +0200: > Hi all, > > I was trying to score 100 on all the tests over at ssllabs.com, but seem > to only reach 90 on "Key Exchange". Not sure if it's related, but I was > playing with the "dhe" option in relayd.conf(5) in order to increase the > number of bits used for the ephemeral key. No matter how I specified > the option, nothing really changed and I started reading the code in > order to understand what the option actually do. I might be completely > wrong, but from my understanding, it feeds the params of "dhe" as the > second argument to tls_config_set_dheparams(), which expects "none", > "legacy" or "auto". > > My guess is that tls_config_set_dheparams() has been updated and the > manual for relayd.conf(5) has not. Here's a diff that hopefully solves > that. > > > Jesper Wallin
Thanks for noticing this, i fixed the manpage. /Benno