summaryrefslogtreecommitdiff
path: root/main/openvpn/doc/openvpn.8
diff options
context:
space:
mode:
Diffstat (limited to 'main/openvpn/doc/openvpn.8')
-rw-r--r--main/openvpn/doc/openvpn.820
1 files changed, 15 insertions, 5 deletions
diff --git a/main/openvpn/doc/openvpn.8 b/main/openvpn/doc/openvpn.8
index f2911c0e..a3d3e28c 100644
--- a/main/openvpn/doc/openvpn.8
+++ b/main/openvpn/doc/openvpn.8
@@ -4238,13 +4238,18 @@ Not available with PolarSSL.
File containing Diffie Hellman parameters
in .pem format (required for
.B \-\-tls-server
-only). Use
+only).
-.B openssl dhparam -out dh1024.pem 1024
+Set
+.B file=none
+to disable Diffie Hellman key exchange (and use ECDH only). Note that this
+requires peers to be using an SSL library that supports ECDH TLS cipher suites
+(e.g. OpenSSL 1.0.1+, or PolarSSL 1.3+).
-to generate your own, or use the existing dh1024.pem file
-included with the OpenVPN distribution. Diffie Hellman parameters
-may be considered public.
+Use
+.B openssl dhparam -out dh2048.pem 2048
+to generate 2048-bit DH parameters. Diffie Hellman parameters may be considered
+public.
.\"*********************************************************
.TP
.B \-\-ecdh-curve name
@@ -4330,6 +4335,11 @@ and version is not recognized, we will only accept the highest TLS
version supported by the local SSL implementation.
.\"*********************************************************
.TP
+.B \-\-tls-version-max version
+Set the maximum TLS version we will use (default is the highest version
+supported). Examples for version include "1.0", "1.1", or "1.2".
+.\"*********************************************************
+.TP
.B \-\-pkcs12 file
Specify a PKCS #12 file containing local private key,
local certificate, and root CA certificate.