From: Peter Krempa <pkrempa(a)redhat.com>
As TLS 1.3 performs key exchange separately from the algorithm used to
verify authenticity, the certificates for libvirt's use of TLS don't
need to require the 'encryption_key' feature any more.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/kbase/tlscerts.rst | 2 --
1 file changed, 2 deletions(-)
diff --git a/docs/kbase/tlscerts.rst b/docs/kbase/tlscerts.rst
index e4aa5bb3c9..215d454998 100644
--- a/docs/kbase/tlscerts.rst
+++ b/docs/kbase/tlscerts.rst
@@ -204,7 +204,6 @@ define the server as follows:
ip_address = 2001:cafe::74
ip_address = fe20::24
tls_www_server
- encryption_key
signing_key
The 'cn' field should refer to the fully qualified public hostname of the
@@ -298,7 +297,6 @@ briefly cover the steps.
organization = Libvirt Project
cn = client1
tls_www_client
- encryption_key
signing_key
and sign by doing:
--
2.49.0