As suggested by krzee in trac #790, refer to the --tls-crypt option form the --tls-auth section of the man page, to encourage users to check out the --tls-crypt feature.
Trac: #790 Signed-off-by: Steffan Karger <stef...@karger.me> --- doc/openvpn.8 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index b1ca9ed..c618746 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5029,6 +5029,11 @@ key file used with .B \-\-tls\-auth gives a peer nothing more than the power to initiate a TLS handshake. It is not used to encrypt or authenticate any tunnel data. + +Use +.B \-\-tls\-crypt +instead if you want to use the key file to not only authenticate, but also +encrypt the TLS control channel. .\"********************************************************* .TP .B \-\-tls\-crypt keyfile -- 2.7.4 ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
