author: Jack Lloyd <[email protected]> 2016-11-28 05:30:54 -0500
committer: Jack Lloyd <[email protected]> 2016-11-28 05:30:54 -0500
commit: 71406354a1ec7c2021b92e051ede72fe0466639a (patch)
tree: bbe6ae8104efe42e3a018c0d9374102960dd944c /doc
parent: ea3cb1e12822bbdbe99938ef47ac739f9c891ff4 (diff)
Document TLS::Policy::require_cert_revocation_info
Diffstat (limited to 'doc')
-rw-r--r-- doc/manual/tls.rst 20
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 2100bb7d3..782e905dc 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -705,6 +705,26 @@ policy settings from a file.
Default: false
+ .. cpp:function:: size_t minimum_signature_strength() const
+
+ Return the minimum strength (as ``n``, representing ``2**n`` work)
+ we will accept for a signature algorithm on any certificate.
+
+ Use 80 to enable RSA-1024 (*not recommended*), or 128 to require
+ either ECC or large (~3000 bit) RSA keys.
+
+ Default: 110 (allowing 2048 bit RSA)
+
+ .. cpp:function:: bool require_cert_revocation_info() const
+
+ If this function returns true, and a ciphersuite using certificates was
+ negotiated, then we must have access to a valid CRL or OCSP response in
+ order to trust the certificate.
+
+ .. warning:: Returning false here could expose you to attacks
+
+ Default: true
+
.. cpp:function:: std::string dh_group() const
For ephemeral Diffie-Hellman key exchange, the server sends a
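Review bot: The warning under require_cert_revocation_info ("Returning false here could expose you to attacks") does not say what the exposure is. The paragraph above it makes a valid CRL or OCSP response the condition for trusting the certificate, so the warning should state plainly that returning false lets a certificate be trusted with no revocation check, meaning a revoked certificate would still be accepted. The entry also never says what happens when the function returns true and no CRL or OCSP response is available; it only says "we must have access", so the resulting behaviour (and how the application supplies the CRL or OCSP data) should be spelled out. Separately, the commit subject names only require_cert_revocation_info while this hunk also adds the minimum_signature_strength entry; mention both in the message or split the change.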