author Parménides GV <parmegv@sdf.org> 2015-01-31 01:20:59 +0100
committer Parménides GV <parmegv@sdf.org> 2015-01-31 01:20:59 +0100
commit 29fd5bc150155505a9fe0ffa4f1d0ac81db78724
tree 90c4af22d047b7297a66a9e623c86c5af63b12f6 /app/openvpn/doc/openvpn.8
parent 1a4643dc08a86dcd9650afa2255945df14445f2d
parent c95a21a736fadb46685e051064b0ec1efdae667a
Merge branch 'bug/second-notification-reintroduced' into develop
Diffstat (limited to 'app/openvpn/doc/openvpn.8')
-rw-r--r-- app/openvpn/doc/openvpn.8 33
1 files changed, 27 insertions, 6 deletions
diff --git a/app/openvpn/doc/openvpn.8 b/app/openvpn/doc/openvpn.8
index 532eda5c..a8c189c9 100644
--- a/app/openvpn/doc/openvpn.8
+++ b/app/openvpn/doc/openvpn.8
@@ -4239,13 +4239,18 @@ Not available with PolarSSL.
File containing Diffie Hellman parameters
in .pem format (required for
.B \-\-tls-server
-only). Use
+only).
-.B openssl dhparam -out dh1024.pem 1024
+Set
+.B file=none
+to disable Diffie Hellman key exchange (and use ECDH only). Note that this
+requires peers to be using an SSL library that supports ECDH TLS cipher suites
+(e.g. OpenSSL 1.0.1+, or PolarSSL 1.3+).
-to generate your own, or use the existing dh1024.pem file
-included with the OpenVPN distribution. Diffie Hellman parameters
-may be considered public.
+Use
+.B openssl dhparam -out dh2048.pem 2048
+to generate 2048-bit DH parameters. Diffie Hellman parameters may be considered
+public.
.\"*********************************************************
.TP
.B \-\-ecdh-curve name
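Review bot: The unchanged wording "(required for --tls-server only)" now sits directly before the new "Set file=none to disable Diffie Hellman key exchange" paragraph, so the entry reads as both requiring a parameter file and allowing none; state whether the option is still mandatory on a TLS server with none as its argument. Bolding file=none as a single token also reads like a literal argument; if the intent is that the file argument takes the value none, word it that way. The removed text pointed readers at the dh1024.pem included with the distribution, and the replacement drops that reference without telling anyone already using that file to regenerate at 2048 bits. Minor: the "-out" in the ".B openssl dhparam" line is an unescaped hyphen, while option names elsewhere in this hunk are written with "\-".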
@@ -4393,6 +4398,16 @@ This option can be used instead of
.B \-\-cert, \-\-key,
and
.B \-\-pkcs12.
+
+If p11-kit is present on the system, its
+.B p11-kit-proxy.so
+module will be loaded by default if either the
+.B \-\-pkcs11\-id
+or
+.B \-\-pkcs11\-id\-management
+options are specified without
+.B \-\-pkcs11\-provider
+being given.
.\"*********************************************************
.TP
.B \-\-pkcs11-private-mode mode...
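Review bot: The added paragraph makes loading p11-kit-proxy.so an implicit default but does not say what happens when p11-kit is not present and --pkcs11-provider is omitted, nor whether "present on the system" is decided at build time or at run time. Because the module that gets loaded is then chosen by the system rather than by the OpenVPN configuration, add a sentence saying that giving --pkcs11-provider explicitly overrides the default. Grammar: "if either the ... options are specified" should be "if either the ... option is specified". Style: the new lines escape the inner hyphen ("\-\-pkcs11\-id") while the neighbouring ".B \-\-pkcs11-private-mode" does not; pick one form.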
@@ -5480,11 +5495,17 @@ adapter list.
.SS PKCS#11 Standalone Options:
.\"*********************************************************
.TP
-.B \-\-show-pkcs11-ids provider [cert_private]
+.B \-\-show-pkcs11-ids [provider] [cert_private]
(Standalone)
Show PKCS#11 token object list. Specify cert_private as 1
if certificates are stored as private objects.
+If p11-kit is present on the system, the
+.B provider
+argument is optional; if omitted the default
+.B p11-kit-proxy.so
+module will be queried.
+
.B \-\-verb
option can be used BEFORE this option to produce debugging information.
.\"*********************************************************
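Review bot: With the synopsis changed to "[provider] [cert_private]", both positional arguments are optional, and the text does not say how to pass cert_private when provider is omitted; a single argument such as 1 could be read as either one. Document that cert_private can only follow an explicit provider, or state how a lone argument is interpreted. The "If p11-kit is present on the system" sentence should also say what the option does when p11-kit is not present and no provider is given.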