chiark / gitweb /
~mdw / ca / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
etc/openssl.conf: Allow `keyEncipherment' for TLS clients.
[ca] / etc / openssl.conf
diff --git a/etc/openssl.conf b/etc/openssl.conf
index 4fa74a5a6706400788d64dbd3d825cccd59f7a83..847b1f5295376605fbbafe4d495e5a851f4061de 100644 (file)
--- a/etc/openssl.conf
+++ b/etc/openssl.conf
@@ -103,7 +103,7 @@ crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
 
 [tls-client-extensions]
 basicConstraints = critical, CA:FALSE
-keyUsage = critical, digitalSignature
+keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer:always
A simple X.509 certificate authority.