author Arne Schwabe <arne@rfc2549.org> 2015-01-27 15:19:27 +0100
committer Arne Schwabe <arne@rfc2549.org> 2015-01-27 15:19:27 +0100
commit c17342b3a53845b379ce7171f095a3a880c98b98 (patch)
tree 321e727d52dffe2d274a3ab966b4cb7e65c7d758 /main/openvpn/doc/openvpn.8
parent 6b7c74853686fc578884ebca52b1c43be4f839c0 (diff)
Update OpenVPN to -master, fix network-change command (closes issue #312)
Diffstat (limited to 'main/openvpn/doc/openvpn.8')
-rw-r--r-- main/openvpn/doc/openvpn.8 33
1 files changed, 27 insertions, 6 deletions
diff --git a/main/openvpn/doc/openvpn.8 b/main/openvpn/doc/openvpn.8
index 532eda5c..a8c189c9 100644
--- a/main/openvpn/doc/openvpn.8
+++ b/main/openvpn/doc/openvpn.8
@@ -4239,13 +4239,18 @@ Not available with PolarSSL.
File containing Diffie Hellman parameters
in .pem format (required for
.B \-\-tls-server
-only). Use
+only).
-.B openssl dhparam -out dh1024.pem 1024
+Set
+.B file=none
+to disable Diffie Hellman key exchange (and use ECDH only). Note that this
+requires peers to be using an SSL library that supports ECDH TLS cipher suites
+(e.g. OpenSSL 1.0.1+, or PolarSSL 1.3+).
-to generate your own, or use the existing dh1024.pem file
-included with the OpenVPN distribution. Diffie Hellman parameters
-may be considered public.
+Use
+.B openssl dhparam -out dh2048.pem 2048
+to generate 2048-bit DH parameters. Diffie Hellman parameters may be considered
+public.
.\"*********************************************************
.TP
.B \-\-ecdh-curve name
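Review bot: The added ".B file=none" reads as a literal string to put in the config, while the description above it treats the argument as a file name. If the value the user is meant to give is "none", say so directly (for example "Set the file argument to none"), so the wording cannot be mistaken for a key=value syntax. The ECDH-only note states the requirement on peers but not the outcome when a peer lacks ECDH cipher suites; one sentence saying that the handshake then fails would help operators diagnose it. Minor: "-out" in the added ".B openssl dhparam -out dh2048.pem 2048" line uses an unescaped hyphen, unlike the "\-\-" escaping used for option names elsewhere in the page.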
@@ -4393,6 +4398,16 @@ This option can be used instead of
.B \-\-cert, \-\-key,
and
.B \-\-pkcs12.
+
+If p11-kit is present on the system, its
+.B p11-kit-proxy.so
+module will be loaded by default if either the
+.B \-\-pkcs11\-id
+or
+.B \-\-pkcs11\-id\-management
+options are specified without
+.B \-\-pkcs11\-provider
+being given.
.\"*********************************************************
.TP
.B \-\-pkcs11-private-mode mode...
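Review bot: The added paragraph documents that p11-kit-proxy.so is loaded implicitly when no --pkcs11-provider is given, but it does not say how an administrator can tell which module was actually loaded or how to avoid the implicit load. Since this module ends up mediating access to private keys, the text should state that giving --pkcs11-provider explicitly overrides the default, and where the loaded module is reported (if it is logged). Wording: "if either the ... or ... options are specified" should be "if either the ... or ... option is specified". The new lines also escape the inner hyphens ("\-\-pkcs11\-id") while the unchanged context writes "\-\-pkcs11-private-mode"; pick one form.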
@@ -5480,11 +5495,17 @@ adapter list.
.SS PKCS#11 Standalone Options:
.\"*********************************************************
.TP
-.B \-\-show-pkcs11-ids provider [cert_private]
+.B \-\-show-pkcs11-ids [provider] [cert_private]
(Standalone)
Show PKCS#11 token object list. Specify cert_private as 1
if certificates are stored as private objects.
+If p11-kit is present on the system, the
+.B provider
+argument is optional; if omitted the default
+.B p11-kit-proxy.so
+module will be queried.
+
.B \-\-verb
option can be used BEFORE this option to produce debugging information.
.\"*********************************************************
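Review bot: With the synopsis changed to "[provider] [cert_private]", both positional arguments are optional, and the text does not say how a single argument is interpreted. A user who wants cert_private set to 1 with the default module has no documented way to express that, and a lone "1" could be taken as a provider name. Please state explicitly that cert_private can only be given when provider is given, or describe the disambiguation rule. The blank line added after "module will be queried." also separates the new paragraph from the --verb sentence without a paragraph macro; check that it renders as intended.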