From eefc099df74ee4bc872a3c8254a27a38e353f7ae Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Wed, 14 Dec 2016 14:50:08 +0900 Subject: [PATCH] docs: document ssl_protocols, remove document for disableSSLv3 --- docs/man/xrdp.ini.5.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/man/xrdp.ini.5.in b/docs/man/xrdp.ini.5.in index 5a06c7f4..979c629b 100644 --- a/docs/man/xrdp.ini.5.in +++ b/docs/man/xrdp.ini.5.in @@ -95,12 +95,6 @@ Processing Standard 140-1 validated encryption methods. .I enforces FIPS-compliance mode. .RE -.TP -\fBdisableSSLv3\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. -If not specified, defaults to \fBfalse\fP. -This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. - .TP \fBfork\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads. @@ -149,6 +143,12 @@ of Standard RDP Security is controlled by \fBcrypt_level\fP. Negotiate these security methods with clients. .RE +.TP +\fBssl_protocols\fP=\fI[SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2]\fP +Enables the specified SSL/TLS protocols. Each value should be separated by space. +SSLv2 is always disabled. At least one protocol should be given to accept TLS connections. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + .TP \fBtcp_keepalive\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP.