author Tobias Brunner <tobias@strongswan.org> 2017-05-10 19:32:53 +0200
committer Tobias Brunner <tobias@strongswan.org> 2017-05-26 11:22:28 +0200
commit 4270c8fcb07f37100889695d19a3a3e876f2a1b8
tree de3d3de58d8aa2bec700b0b42f3afe49042640d3 /man/ipsec.conf.5.in
parent 7637633bb9ac497563a10d93d32e26443edd4383
stroke: Make 96-bit truncation for SHA-256 configurable
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r-- man/ipsec.conf.5.in 7
1 files changed, 7 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index ee7d86089..fef44ae21 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -1141,6 +1141,13 @@ a value of 0 disables IPsec replay protection.
.BR reqid " = <number>"
sets the reqid for a given connection to a pre-configured fixed value.
.TP
+.BR sha256_96 " = " no " | yes"
+HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility
+with implementations that incorrectly use 96-bit truncation this option may be
+enabled to configure the shorter truncation length in the kernel. This is not
+negotiated, so this only works with peers that use the incorrect truncation
+length (or have this option enabled).
+.TP
.BR tfc " = <value>"
number of bytes to pad ESP payload data to. Traffic Flow Confidentiality
is currently supported in IKEv2 and applies to outgoing packets only. The
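Review bot: The new sha256_96 entry does not say which value is the default, nor how a mismatch shows up for the operator. The synopsis lists "no | yes", but the description never states that no is the default, so a reader has to infer it from the ordering. Because the text says the setting "is not negotiated", it would help to add a sentence that a mismatch cannot be detected when the connection is set up and only appears afterwards as traffic that fails integrity verification; otherwise someone debugging a tunnel that comes up but passes no data has no pointer to this option. The description should also note that enabling it shortens the integrity check value from 128 to 96 bits, so it should be set only on connections to peers known to need it. As a wording point, "is used with 128-bit truncation with IPsec" repeats "with"; "is used with 128-bit truncation in IPsec" reads more cleanly.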