X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=doc%2Ftinc.texi;h=69e5a2b289e4b2db2d15a74f0d04600c9af87cf3;hb=fa4a01e4a27dd4b3a57077acbd0e69f95d55944a;hp=53346b8fc02e218f9c3ca5ea3298404c0f150152;hpb=e73052b05444679d922dbdf3d0c507873110957e;p=tinc

diff --git a/doc/tinc.texi b/doc/tinc.texi
index 53346b8f..69e5a2b2 100644
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@@ -855,6 +855,21 @@ but which would have to be forwarded by an intermediate node, are dropped instea
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.
 
+@cindex ECDSAPrivateKeyFile
+@item ECDSAPrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/ecdsa_key.priv})
+The file in which the private ECDSA key of this tinc daemon resides.
+This is only used if ExperimentalProtocol is enabled.
+
+@cindex ExperimentalProtocol
+@item ExperimentalProtocol = <yes|no> (no) [experimental]
+When this option is enabled, experimental protocol enhancements will be used.
+Ephemeral ECDH will be used for key exchanges,
+and ECDSA will be used instead of RSA for authentication.
+When enabled, an ECDSA key must have been generated before with
+@samp{tincctl generate-ecdsa-keys}.
+The experimental protocol may change at any time,
+and there is no guarantee that tinc will run stable when it is used.
+
 @cindex Forwarding
 @item Forwarding = <off|internal|kernel> (internal) [experimental]
 This option selects the way indirect packets are forwarded.