author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-02-16 18:17:32 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-02-16 18:17:32 +0000 |
commit | 6117b639d32095fa761f4773c9eec27e9f70f6f4 (patch) | |
tree | f2d0e64fff6bc42d2a7ed654ad38c14aeb01f55a /openvpn.8 | |
parent | Added --port-share option for allowing OpenVPN and HTTPS (diff) | |
download | openvpn-6117b639d32095fa761f4773c9eec27e9f70f6f4.tar.xz |
svn merge -r 888:889 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@894 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -4114,7 +4114,7 @@ Require that peer certificate was signed with an explicit .B key usage and .B extended key usage -based on TLS rules. +based on RFC3280 TLS rules. This is a useful security option for clients, to ensure that the host they connect to is a designated server. @@ -4125,11 +4125,15 @@ option is equivalent to .B --remote-cert-ku 80 08 88 --remote-cert-eku "TLS Web Client Authentication" +The key usage is digitalSignature and/or keyAgreement. + The .B --remote-cert-tls server option is equivalent to .B ---remote-cert-ku a0 08 --remote-cert-eku "TLS Web Server Authentication" +--remote-cert-ku a0 88 --remote-cert-eku "TLS Web Server Authentication" + +The key usage is digitalSignature and ( keyEncipherment or keyAgreement ). This is an important security precaution to protect against a man-in-the-middle attack where an authorized client |
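Review bot: In the first hunk, "based on RFC3280 TLS rules" reads as if RFC 3280 were a TLS specification. RFC 3280 is the X.509 certificate and CRL profile, which is where key usage and extended key usage are defined. Suggest wording along the lines of "based on RFC 3280 key usage rules as applied to TLS", with the RFC written as "RFC 3280" so it is easy to search for.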
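Review bot: In the second hunk, the documented server equivalent changes from "a0 08" to "a0 88", which drops a keyAgreement-only certificate (08) from the listed values, and neither the man page text nor the commit message says so. A user whose server certificate carries only keyAgreement would want that stated. The two added "The key usage is ..." sentences also give the meaning in words without tying it to the hex values: a reader has to already know that 80 is digitalSignature, 20 is keyEncipherment and 08 is keyAgreement to see that a0 and 88 are the two permitted server combinations and that 80, 08 and 88 cover the client case. Suggest listing that bit mapping next to each --remote-cert-ku line, and dropping the spaces inside "( keyEncipherment or keyAgreement )".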