From eefc099df74ee4bc872a3c8254a27a38e353f7ae Mon Sep 17 00:00:00 2001
From: Koichiro IWAO <meta@vmeta.jp>
Date: Wed, 14 Dec 2016 14:50:08 +0900
Subject: [PATCH] docs: document ssl_protocols, remove document for
 disableSSLv3

---
 docs/man/xrdp.ini.5.in | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/man/xrdp.ini.5.in b/docs/man/xrdp.ini.5.in
index 5a06c7f4..979c629b 100644
--- a/docs/man/xrdp.ini.5.in
+++ b/docs/man/xrdp.ini.5.in
@@ -95,12 +95,6 @@ Processing Standard 140-1 validated encryption methods.
 .I enforces FIPS-compliance mode.
 .RE
 
-.TP
-\fBdisableSSLv3\fP=\fI[true|false]\fP
-If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections.
-If not specified, defaults to \fBfalse\fP.
-This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP.
-
 .TP
 \fBfork\fP=\fI[true|false]\fP
 If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads.
@@ -149,6 +143,12 @@ of Standard RDP Security is controlled by \fBcrypt_level\fP.
 Negotiate these security methods with clients.
 .RE
 
+.TP
+\fBssl_protocols\fP=\fI[SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2]\fP
+Enables the specified SSL/TLS protocols. Each value should be separated by space.
+SSLv2 is always disabled. At least one protocol should be given to accept TLS connections.
+This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP.
+
 .TP
 \fBtcp_keepalive\fP=\fI[true|false]\fP
 Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP.