From 18b9fc4c61f487007c8bff3bbb52f9466f3454ce Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Mon, 26 Oct 2015 15:56:13 +0100
Subject: ssh: extend 'dh_gex_limits' to server side

OTP-13066
---
 lib/ssh/doc/src/ssh.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'lib/ssh/doc')

diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 1e4dd91eb6..7c1b9ea0dc 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -475,6 +475,17 @@ kex is implicit but public_key is set explicitly.</p>
 	    </p>
 	  </item>
 
+	  <tag><c><![CDATA[{dh_gex_limits,{Min=integer(),Max=integer()}}]]></c></tag>
+	  <item>
+	    <p>Limits what a client can ask for in diffie-hellman-group-exchange. The effective value will be
+	    <c>MaxUsed = min(MaxClient,Max), MinUsed = max(MinClient,Min)</c>.
+	    </p>
+	    <p>If <c>MaxUsed &lt; MinUses</c> in a key exchange, it will fail with a disconnect.
+	    </p>
+	    <p>See RFC 4419 for the function of the max an min values.
+	    </p>
+	  </item>
+
 	  <tag><c><![CDATA[{pwdfun, fun(User::string(), password::string()) -> boolean()}]]></c></tag>
 	  <item>
 	    <p>Provides a function for password validation. This function is called
-- 
cgit v1.2.3