X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=doc%2Ftinc.conf.5.in;h=99b987772ad0157ded52790323888eb1c1bd1000;hb=f5dc136cfd7a3a195b75f7174722734e25f30fd9;hp=a6ae4f5ac3ee8d4355fff4d7814138506a908c1f;hpb=5a28aa7b8b0ab6237c2eab5f8b11253ea3ec5a05;p=tinc

diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index a6ae4f5a..99b98777 100644
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -261,6 +261,21 @@ but which would have to be forwarded by an intermediate node, are dropped instea
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.
 
+.It Va ECDSAPrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ecdsa_key.priv Pc
+The file in which the private ECDSA key of this tinc daemon resides.
+This is only used if
+.Va ExperimentalProtocol
+is enabled.
+
+.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental
+When this option is enabled, experimental protocol enhancements will be used.
+Ephemeral ECDH will be used for key exchanges,
+and ECDSA will be used instead of RSA for authentication.
+When enabled, an ECDSA key must have been generated before with
+.Nm tincctl generate-ecdsa-keys .
+The experimental protocol may change at any time,
+and there is no guarantee that tinc will run stable when it is used.
+
 .It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
 This option selects the way indirect packets are forwarded.
 .Bl -tag -width indent