diff --git a/xrdp/xrdp.ini.in b/xrdp/xrdp.ini.in
index c8d8924f..44fd5403 100644
--- a/xrdp/xrdp.ini.in
+++ b/xrdp/xrdp.ini.in
@@ -8,41 +8,50 @@ fork=true
 ; ports to listen on, number alone means listen on all interfaces
 ; 0.0.0.0 or :: if ipv6 is configured
 ; space between multiple occurrences
-; examples
-;3389
-;unix://./tmp/xrdp.socket
-;tcp://.:3389 127.0.0.1:3389
-;tcp://:3389 *:3389
-;tcp://:3389 192.168.1.1:3389
-;tcp6://.:3389 ::1:3389
-;tcp6://:3389 *:3389
-;tcp6://{}:3389 {FC00:0:0:0:0:0:0:1}:3389
-;vsock://:
+;
+; Examples:
+; port=3389
+; port=unix://./tmp/xrdp.socket
+; port=tcp://.:3389 127.0.0.1:3389
+; port=tcp://:3389 *:3389
+; port=tcp://:3389 192.168.1.1:3389
+; port=tcp6://.:3389 ::1:3389
+; port=tcp6://:3389 *:3389
+; port=tcp6://{}:3389 {FC00:0:0:0:0:0:0:1}:3389
+; port=vsock://:
 port=3389
 ; 'port' above should be connected to with vsock instead of tcp
 ; use this only with number alone in port above
 ; prefer use vsock://: above
 use_vsock=false
+
 ; regulate if the listening socket use socket option tcp_nodelay
 ; no buffering will be performed in the TCP stack
 tcp_nodelay=true
+
 ; regulate if the listening socket use socket option keepalive
 ; if the network connection disappear without close messages the connection will be closed
 tcp_keepalive=true
+
+; set tcp send/recv buffer (for experts)
 #tcp_send_buffer_bytes=32768
 #tcp_recv_buffer_bytes=32768
 ; security layer can be 'tls', 'rdp' or 'negotiate'
 ; for client compatible layer
 security_layer=negotiate
-; minimum security level allowed for client
+
+; minimum security level allowed for client for classic RDP encryption
+; use tls_ciphers to configure TLS encryption
 ; can be 'none', 'low', 'medium', 'high', 'fips'
 crypt_level=high
+
 ; X.509 certificate and private key
 ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
 certificate=
 key_file=
+
 ; set SSL protocols
 ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
 ssl_protocols=TLSv1.2, TLSv1.3
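Review bot: The new comment above `crypt_level` says the setting covers classic RDP encryption but does not say when that path is taken, and `security_layer=negotiate` just above it is described as picking the client-compatible layer, so a session may presumably still land on classic RDP security. An administrator reading this block should learn that `crypt_level=high` does not by itself put the session on TLS. I would add one line after the two new ones: `; only applies when security_layer is 'rdp' or 'negotiate' selects it; set security_layer=tls to require TLS`. The `tls_ciphers` key the comment points to is not visible in this hunk, so confirm the template actually defines it; otherwise the pointer leads nowhere.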