diff options
| author | Steffan Karger | 2014-09-05 12:38:04 +0200 |
|---|---|---|
| committer | Gert Doering | 2014-11-14 15:12:08 +0100 |
| commit | c80727650461e49525eefcbc741c8245d7787ba4 (patch) | |
| tree | 4b4f5a51b52699fc42f7512873b36c2b6b35e9fc /doc | |
| parent | 44294568a113a7c54ce7fca86b4014c9d1168888 (diff) | |
| download | openvpn-c80727650461e49525eefcbc741c8245d7787ba4.zip openvpn-c80727650461e49525eefcbc741c8245d7787ba4.tar.gz | |
Add --tls-version-max
Because using TLS 1.2 breaks certain setups, a user might want to enforce
a maximum TLS version to use. This patch adds that option.
This patch removes a number of #ifdefs from ssl_polarssl.c, because the
polarssl versions we currently support (polar 1.2 for openvpn 2.3, and
polar 1.3 for openvpn-master) have all versions unconditionally enabled.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <544EC052.3080809@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9210
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/openvpn.8 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 39b128f..d75bb76 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4292,6 +4292,11 @@ out that TLS version negotiation can lead to handshake problems due to new signature algorithms in TLS 1.2. .\"********************************************************* .TP +.B \-\-tls-version-max version +Set the maximum TLS version we will use (default is the highest version +supported). Examples for version include "1.0", "1.1", or "1.2". +.\"********************************************************* +.TP .B \-\-pkcs12 file Specify a PKCS #12 file containing local private key, local certificate, and root CA certificate. |