From 192f5b50e32ed14945317325a5465f40abfcc587 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 28 Oct 2014 23:07:58 +0100 Subject: Update Openssl to aosp/master (includes useless (for OpenVPN)) SSLv3 Fallback fix --HG-- extra : rebase_source : 4ec3b7a7844aa1ca198c4538ecdf28f027ceb1b1 --- main/openvpn/doc/openvpn.8 | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'main/openvpn/doc') diff --git a/main/openvpn/doc/openvpn.8 b/main/openvpn/doc/openvpn.8 index f2911c0e..a3d3e28c 100644 --- a/main/openvpn/doc/openvpn.8 +++ b/main/openvpn/doc/openvpn.8 @@ -4238,13 +4238,18 @@ Not available with PolarSSL. File containing Diffie Hellman parameters in .pem format (required for .B \-\-tls-server -only). Use +only). -.B openssl dhparam -out dh1024.pem 1024 +Set +.B file=none +to disable Diffie Hellman key exchange (and use ECDH only). Note that this +requires peers to be using an SSL library that supports ECDH TLS cipher suites +(e.g. OpenSSL 1.0.1+, or PolarSSL 1.3+). -to generate your own, or use the existing dh1024.pem file -included with the OpenVPN distribution. Diffie Hellman parameters -may be considered public. +Use +.B openssl dhparam -out dh2048.pem 2048 +to generate 2048-bit DH parameters. Diffie Hellman parameters may be considered +public. .\"********************************************************* .TP .B \-\-ecdh-curve name @@ -4330,6 +4335,11 @@ and version is not recognized, we will only accept the highest TLS version supported by the local SSL implementation. .\"********************************************************* .TP +.B \-\-tls-version-max version +Set the maximum TLS version we will use (default is the highest version +supported). Examples for version include "1.0", "1.1", or "1.2". +.\"********************************************************* +.TP .B \-\-pkcs12 file Specify a PKCS #12 file containing local private key, local certificate, and root CA certificate. -- cgit v1.2.3