authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-11 11:07:42 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-11 11:07:42 +0000
commitcfbd7784e7eaaaf49c77e554c4b5e5a7ac407f17 (patch)
tree4a6986ce4cb882c61eb621968c92ccba9497cd00
parentb76f63ed632e0360bf29f42466506f1c1a5ac650 (diff)
Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc.
ok jmc@
-rw-r--r--sbin/isakmpd/isakmpd.conf.534
1 files changed, 22 insertions, 12 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index a09b934034a..89328a15ba5 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.115 2006/06/11 00:20:36 jmc Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.116 2006/06/11 11:07:41 hshoexer Exp $
.\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -83,18 +83,16 @@ to fully specify the Main Mode transforms and Quick Mode suites, protocols,
and transforms.
.Pp
For Main Mode:
-.\" .Ar {DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5,14,15}][-RSA_SIG]
+.\"{cipher}-{hash}[-{group}][-RSA_SIG]
.Bl -inset -compact
.It Xo
.Sm off
.No {
-.Ar DES , BLF , 3DES , CAST , AES
+.Ar cipher
.No }-{
-.Ar MD5 , SHA
-.No }[-
-.Ar GRP
-.No {
-.Ar 1 , 2 , 5 , 14 , 15
+.Ar hash
+.No }[{-
+.Ar group
.No }]
.No [-
.Ar RSA_SIG
@@ -103,6 +101,16 @@ For Main Mode:
.Xc
.El
.Pp
+where:
+.Bl -tag -width "{cipher}" -offset indent -compact
+.It Ns { Ns Ar cipher Ns }
+is either DES, BLF, 3DES, CAST, or AES
+.It Ns { Ns Ar hash Ns }
+is either MD5, SHA, or SHA2-{256,384,512}
+.It Ns { Ns Ar group Ns }
+is either GRP1, GRP2, GRP5, GRP14, or GRP15
+.El
+.Pp
For Quick Mode:
.\" .Ar QM-{proto}[-TRP]-{cipher}[-{hash}][-PFS[-{group}]]-SUITE
.Bl -inset -compact
@@ -133,15 +141,17 @@ where:
.It Ns { Ns Ar proto Ns }
is either ESP or AH
.It Ns { Ns Ar cipher Ns }
-is either DES, 3DES, CAST, BLF, or AES
+is either DES, 3DES, CAST, BLF, AES, or AESCTR
.It Ns { Ns Ar hash Ns }
is either MD5, SHA, RIPEMD, or SHA2-{256,384,512}
.It Ns { Ns Ar group Ns }
-is either GRP1, GRP2, GRP5, GRP14 or GRP15
+is either GRP1, GRP2, GRP5, GRP14, or GRP15
.El
.Pp
-For example, 3DES-SHA means: 3DES encryption, SHA hash, and authorization by
-pre-shared keys.
+For example, AES-SHA2-256 means: AES encryption, SHA2-256 hash, and
+authorization by pre-shared keys.
+Adding "-RSA_SIG" will enable public key authentication,
+e.g. AES-SHA2-256-RSA_SIG.
Similarly, QM-ESP-3DES-SHA-PFS-SUITE means: ESP protocol, 3DES encryption,
SHA hash, and use Perfect Forward Secrecy.
.Pp