As suggested by krzee in trac #790, refer to the --tls-crypt option
form the --tls-auth section of the man page, to encourage users to
check out the --tls-crypt feature.

Trac: #790

Signed-off-by: Steffan Karger <>
 doc/openvpn.8 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index b1ca9ed..c618746 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5029,6 +5029,11 @@ key file used with
 .B \-\-tls\-auth
 gives a peer nothing more than the power to initiate a TLS
 handshake.  It is not used to encrypt or authenticate any tunnel data.
+.B \-\-tls\-crypt
+instead if you want to use the key file to not only authenticate, but also
+encrypt the TLS control channel.
 .B \-\-tls\-crypt keyfile

Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.
Openvpn-devel mailing list

Reply via email to