From bcb281707bc927aee997033d145804c9052e1264 Mon Sep 17 00:00:00 2001
From: Koichiro IWAO <meta@vmeta.jp>
Date: Mon, 19 Aug 2019 14:20:32 +0900
Subject: [PATCH] xrdp: reformat comments/descriptions in xrdp.ini

---
 xrdp/xrdp.ini.in | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/xrdp/xrdp.ini.in b/xrdp/xrdp.ini.in
index c8d8924f..44fd5403 100644
--- a/xrdp/xrdp.ini.in
+++ b/xrdp/xrdp.ini.in
@@ -8,41 +8,50 @@ fork=true
 ; ports to listen on, number alone means listen on all interfaces
 ; 0.0.0.0 or :: if ipv6 is configured
 ; space between multiple occurrences
-; examples
-;3389
-;unix://./tmp/xrdp.socket
-;tcp://.:3389                           127.0.0.1:3389
-;tcp://:3389                            *:3389
-;tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
-;tcp6://.:3389                          ::1:3389
-;tcp6://:3389                           *:3389
-;tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
-;vsock://<cid>:<port>
+;
+; Examples:
+;   port=3389
+;   port=unix://./tmp/xrdp.socket
+;   port=tcp://.:3389                           127.0.0.1:3389
+;   port=tcp://:3389                            *:3389
+;   port=tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
+;   port=tcp6://.:3389                          ::1:3389
+;   port=tcp6://:3389                           *:3389
+;   port=tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
+;   port=vsock://<cid>:<port>
 port=3389
 
 ; 'port' above should be connected to with vsock instead of tcp
 ; use this only with number alone in port above
 ; prefer use vsock://<cid>:<port> above
 use_vsock=false
+
 ; regulate if the listening socket use socket option tcp_nodelay
 ; no buffering will be performed in the TCP stack
 tcp_nodelay=true
+
 ; regulate if the listening socket use socket option keepalive
 ; if the network connection disappear without close messages the connection will be closed
 tcp_keepalive=true
+
+; set tcp send/recv buffer (for experts)
 #tcp_send_buffer_bytes=32768
 #tcp_recv_buffer_bytes=32768
 
 ; security layer can be 'tls', 'rdp' or 'negotiate'
 ; for client compatible layer
 security_layer=negotiate
-; minimum security level allowed for client
+
+; minimum security level allowed for client for classic RDP encryption
+; use tls_ciphers to configure TLS encryption
 ; can be 'none', 'low', 'medium', 'high', 'fips'
 crypt_level=high
+
 ; X.509 certificate and private key
 ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
 certificate=
 key_file=
+
 ; set SSL protocols
 ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
 ssl_protocols=TLSv1.2, TLSv1.3