author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-11-18 01:25:05 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-11-18 01:25:05 +0000 |
commit | 03bfb228ffd95c37e135bb9a5a37160c247e28a9 (patch) | |
tree | 62fe17de8cce142be0749cf4a07509246b02f48b /openvpn.8 | |
parent | Version 2.1_rc14 (diff) | |
download | openvpn-03bfb228ffd95c37e135bb9a5a37160c247e28a9.tar.xz |
Added --prng option to control PRNG (pseudo-random
number generator) parameters. In previous OpenVPN
versions, the PRNG was hardcoded to use the SHA1
hash. Now any OpenSSL hash may be used. This is
part of an effort to remove hardcoded references to
a specific cipher or cryptographic hash algorithm.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3503 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -3616,6 +3616,21 @@ larger key may offer no real guarantee of greater security, or may even reduce security. .\"********************************************************* .TP +.B --prng alg [nsl] +(Advanced) For PRNG (Pseudo-random number generator), +use digest algorithm +.B alg +(default=sha1), and set +.B nsl +(default=16) +to the size in bytes of the nonce secret length (between 16 and 64). + +Set +.B alg=none +to disable the PRNG and use the OpenSSL RAND_bytes function +instead for all of OpenVPN's pseudo-random number needs. +.\"********************************************************* +.TP .B --engine [engine-name] Enable OpenSSL hardware-based crypto engine functionality. |
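Review bot: "Set alg=none" in the second paragraph of the new --prng entry conflicts with the positional synopsis ".B --prng alg [nsl]". A reader could pass the literal string alg=none, so word it as "Set alg to none" to match the synopsis. In the first paragraph, "the size in bytes of the nonce secret length" is redundant; "the nonce secret length in bytes" says the same thing. The entry also omits what the commit message states, that alg may be any OpenSSL hash, and it does not say what happens when nsl falls outside 16 to 64. A sentence on each would help anyone changing the defaults, since this option controls the source of all of OpenVPN's pseudo-random numbers.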