aboutsummaryrefslogtreecommitdiff
path: root/openvpn.8
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-18 01:25:05 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-18 01:25:05 +0000
commit03bfb228ffd95c37e135bb9a5a37160c247e28a9 (patch)
tree62fe17de8cce142be0749cf4a07509246b02f48b /openvpn.8
parentVersion 2.1_rc14 (diff)
downloadopenvpn-03bfb228ffd95c37e135bb9a5a37160c247e28a9.tar.xz
Added --prng option to control PRNG (pseudo-random
number generator) parameters. In previous OpenVPN versions, the PRNG was hardcoded to use the SHA1 hash. Now any OpenSSL hash may be used. This is part of an effort to remove hardcoded references to a specific cipher or cryptographic hash algorithm. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3503 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.815
1 files changed, 15 insertions, 0 deletions
diff --git a/openvpn.8 b/openvpn.8
index c45f839..bbec354 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -3616,6 +3616,21 @@ larger key may offer no real guarantee of greater
security, or may even reduce security.
.\"*********************************************************
.TP
+.B --prng alg [nsl]
+(Advanced) For PRNG (Pseudo-random number generator),
+use digest algorithm
+.B alg
+(default=sha1), and set
+.B nsl
+(default=16)
+to the size in bytes of the nonce secret length (between 16 and 64).
+
+Set
+.B alg=none
+to disable the PRNG and use the OpenSSL RAND_bytes function
+instead for all of OpenVPN's pseudo-random number needs.
+.\"*********************************************************
+.TP
.B --engine [engine-name]
Enable OpenSSL hardware-based crypto engine functionality.