author | Koichiro IWAO <meta@vmeta.jp> | 2016-11-15 17:15:24 +0900 |
---|---|---|
committer | Koichiro IWAO <meta@vmeta.jp> | 2016-11-16 14:15:44 +0900 |
commit | 13aa2fcc2a71492d98ddcb2f3ce2152369107988 (patch) | |
tree | e2b8c058998599d80d920b45aec4dc57dd5e8018 /docs/man/xrdp.ini.5 | |
parent | d6e8435a72c16f7f6a8a9145eb7d40cdb54c1d42 (diff) | |
download | xrdp-proprietary-13aa2fcc2a71492d98ddcb2f3ce2152369107988.tar.gz xrdp-proprietary-13aa2fcc2a71492d98ddcb2f3ce2152369107988.zip |
docs: update descriptions for encryption
- Add descriptions for certificate and key_file
- xrdp actually supports 128-bit encryption in Standard RDP Security
- change line breaks
Diffstat (limited to 'docs/man/xrdp.ini.5')
-rw-r--r-- | docs/man/xrdp.ini.5 | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 6fddefa1..0b5acfee 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -46,37 +46,56 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap compressio If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables compression of bulk data in \fBxrdp\fR(8). .TP +\fBcertificate\fP=\fI/path/to/certificate\fP +.TP +\fBkey_file\fP=\fI/path/to/private_key\fP +Set location of TLS certificate and private key. They must be written in PEM format. +If not specified, defaults to \fB${XRDP_CFG_DIR}/cert.pem\fP, \fB${XRDP_CFG_DIR}/key.pem\fP. + +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + +.TP \fBchannel_code\fP=\fI[true|false]\fP If set to \fB0\fR, \fBfalse\fR or \fBno\fR this option disables all channels \fBxrdp\fR(8). See section \fBCHANNELS\fP below for more fine grained options. .TP -\fBcrypt_level\fP=\fIlow|medium|high|fips\fP +\fBcrypt_level\fP=\fI[low|medium|high|fips]\fP .\" <http://blogs.msdn.com/b/openspecification/archive/2011/12/08/encryption-negotiation-in-rdp-connection.aspx> -RDP connection are controlled by two encryption settings: \fIEncryption Level\fP and \fIEncryption Method\fP. -The only supported \fIEncryption Method\fP is \fB40BIT_ENCRYPTION\fP, \fB128BIT_ENCRYPTION\fP and \fB56BIT_ENCRYPTION\fP are currently not supported. +Regulate encryption level of Standard RDP Security. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBrdp\fP or \fBnegotiate\fP. + +Encryption in Standard RDP Security is controlled by two settings: \fIEncryption Level\fP +and \fIEncryption Method\fP. The only supported \fIEncryption Method\fP are \fB40BIT_ENCRYPTION\fP +and \fB128BIT_ENCRYPTION\fP. \fB56BIT_ENCRYPTION\fP is not supported. This option controls the \fIEncryption Level\fP: .RS 8 .TP .B low -All data sent from the client to the server is protected by encryption based on the maximum key strength supported by the client. 
+All data sent from the client to the server is protected by encryption based on +the maximum key strength supported by the client. .I This is the only level that the traffic sent by the server to client is not encrypted. .TP .B medium -All data sent between the client and the server is protected by encryption based on the maximum key strength supported by the client. +All data sent between the client and the server is protected by encryption based on +the maximum key strength supported by the client (client compatible). .TP .B high -All data sent between the client and server is protected by encryption based on the server's maximum key strength. +All data sent between the client and the server is protected by encryption based on +the server's maximum key strength (sever compatible). .TP .B fips -All data sent between the client and server is protected using Federal Information Processing Standard 140-1 validated encryption methods. -.I This level is required for Windows clients (mstsc.exe) if the client's group policy enforces FIPS-compliance mode. +All data sent between the client and server is protected using Federal Information +Processing Standard 140-1 validated encryption methods. +.I This level is required for Windows clients (mstsc.exe) if the client's group policy +.I enforces FIPS-compliance mode. .RE .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. If not specified, defaults to \fBfalse\fP. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. .TP \fBfork\fP=\fI[true|false]\fP @@ -150,6 +169,8 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + .TP \fBuse_fastpath\fP=\fI[input|output|both|none]\fP If not specified, defaults to \fBnone\fP. |
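Review bot: in the crypt_level text of the first hunk (@@ -46,37 +46,56 @@), the added line for the high level ends "(sever compatible)", which should read "server compatible", and "The only supported \fIEncryption Method\fP are" does not agree in number; "The supported \fIEncryption Method\fPs are" would read correctly. In the new certificate/key_file entry the shared description says "This parameter is effective only if" although it covers two parameters, so "These parameters are effective only if" fits better. Since key_file points at a private key, a sentence on the expected ownership and permissions of that file would be useful to administrators. The crypt_level entry also gives no default, whereas disableSSLv3 just below states "If not specified, defaults to"; adding the default here would keep the entries consistent.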
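Review bot: in the second hunk (@@ -150,6 +169,8 @@), the security_layer sentence added after the "openssl ciphers" example appears to be followed by an added empty line before .TP, while the same sentence added under disableSSLv3 in the first hunk goes straight into the next .TP with no empty line. An empty input line in roff source produces extra vertical space, so the entries will not render uniformly; drop the empty line, or use the same form in all three places. The sentence is also repeated verbatim for certificate/key_file, disableSSLv3 and this parameter, so a single statement under security_layer listing the TLS-only parameters would be easier to keep in sync.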