TLS: document the update-ca-trust
parent
3e6ed216b4
commit
d5b32966c7
1 changed files with 6 additions and 5 deletions
|
@ -281,16 +281,17 @@
|
|||
<para>
|
||||
The client must configure the TLS library to use a set of
|
||||
trusted root certificates. These certificates are provided
|
||||
by the system in <filename
|
||||
class="directory">/etc/ssl/certs</filename> or files derived
|
||||
from it.
|
||||
by the system in various formats and files. These are documented in <literal>update-ca-trust</literal>
|
||||
man page in Fedora. Portable applications should not hard-code
|
||||
any paths; they should rely on APIs which set the default
|
||||
for the system trust store.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The client selects sufficiently strong cryptographic
|
||||
primitives and disables insecure ones (such as no-op
|
||||
encryption). Compression and SSL version 2 support must be
|
||||
encryption). Compression support and SSL version 3 or lower must be
|
||||
disabled (including the SSLv2-compatible handshake).
|
||||
</para>
|
||||
</listitem>
|
||||
|
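Review bot: the new sentence "These are documented in <literal>update-ca-trust</literal> man page in Fedora" is missing an article ("in the ... man page") and marks a manual-page reference up as <literal>. DocBook's <citerefentry> with <refentrytitle> and <manvolnum> would render it as a proper man page citation. The replacement text also tells portable applications to "rely on APIs which set the default for the system trust store" without naming any; a cross-reference to the per-library sections that show those calls would make the advice actionable. Separately, the next list item changes "SSL version 2 support" to "SSL version 3 or lower", which tightens a security requirement and is not covered by the commit subject; it deserves its own line in the commit message.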
@ -546,7 +547,7 @@
|
|||
linkend="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"/>).
|
||||
</para>
|
||||
<example id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect">
|
||||
<title>Using a GNUTLS session</title>
|
||||
<title>Closing a GNUTLS session in an orderly fashion</title>
|
||||
<xi:include href="snippets/Features-TLS-GNUTLS-Disconnect.xml"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude" />
|
||||
</example>
|
||||
|
|
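Review bot: in the new <title> for ex-Defensive_Coding-TLS-GNUTLS-Disconnect the library name is written "GNUTLS", while the project spells its name GnuTLS; reader-facing titles should use that spelling, and the id and the snippet file name can stay as they are. The retitle is also unrelated to update-ca-trust, so the commit message should mention it or it should go in a separate commit.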