Whilst not a developer per se, I don't see any reason why omitting the documentation for a feature that is present is a good idea, unless the feature is/will be removed.
Perhaps just something like this: Index: ssl.8 =================================================================== RCS file: /cvs/src/share/man/man8/ssl.8,v retrieving revision 1.63 diff -u -p -r1.63 ssl.8 --- ssl.8 8 Feb 2016 19:29:58 -0000 1.63 +++ ssl.8 6 Jun 2016 12:38:26 -0000 @@ -112,38 +112,6 @@ you can switch to using the new certific with the certificate signed by your Certificate Authority, and then restarting .Xr httpd 8 . -.Sh GENERATING DSA SERVER CERTIFICATES +.Sh GENERATING DSA SERVER CERTIFICATES (INSECURE; NOT RECOMMENDED!) On Mon, 6 Jun 2016 13:40:00 +0100 Stuart Henderson <s...@spacehopper.org> wrote: > I don't think we should be encouraging anyone to do this...ok? > > Index: ssl.8 > =================================================================== > RCS file: /cvs/src/share/man/man8/ssl.8,v > retrieving revision 1.63 > diff -u -p -r1.63 ssl.8 > --- ssl.8 8 Feb 2016 19:29:58 -0000 1.63 > +++ ssl.8 6 Jun 2016 12:38:26 -0000 > @@ -112,38 +112,6 @@ you can switch to using the new certific > with the certificate signed by your Certificate Authority, and then > restarting > .Xr httpd 8 . > -.Sh GENERATING DSA SERVER CERTIFICATES > -Generating a DSA certificate involves several steps. > -First, generate parameters for DSA keys. > -The following command will generate 1024-bit keys: > -.Bd -literal -offset indent > -# openssl dsaparam 1024 -out dsa1024.pem > -.Ed > -.Pp > -Once you have the DSA parameters generated, you can generate a > -CSR and unencrypted private key using the command: > -.Bd -literal -offset indent > -# openssl req -nodes -newkey dsa:dsa1024.pem \e > - -out /etc/ssl/dsacert.csr -keyout /etc/ssl/private/dsakey.pem > -.Ed > -.Pp > -To generate an encrypted private key, you would use: > -.Bd -literal -offset indent > -# openssl req -newkey dsa:dsa1024.pem \e > - -out /etc/ssl/dsacert.csr -keyout /etc/ssl/private/dsakey.pem > -.Ed > -.Pp > -This > -.Pa server.csr > -file can then be given to a CA who will sign the key. > -.Pp > -You can also sign the key yourself, using the command: > -.Bd -literal -offset indent > -# openssl x509 -sha256 -req -days 365 \e > - -in /etc/ssl/private/dsacert.csr \e > - -signkey /etc/ssl/private/dsacert.key \e > - -out /etc/ssl/dsacert.crt > -.Ed > .Sh GENERATING ECDSA SERVER CERTIFICATES > First, generate parameters for ECDSA keys. > The following command will use a NIST/SECG curve over a 384-bit >
