author | Tobias Brunner <tobias@strongswan.org> | 2017-05-10 19:32:53 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 11:22:28 +0200 |
commit | 4270c8fcb07f37100889695d19a3a3e876f2a1b8 (patch) | |
tree | de3d3de58d8aa2bec700b0b42f3afe49042640d3 /man/ipsec.conf.5.in | |
parent | 7637633bb9ac497563a10d93d32e26443edd4383 (diff) | |
download | strongswan-4270c8fcb07f37100889695d19a3a3e876f2a1b8.tar.bz2 strongswan-4270c8fcb07f37100889695d19a3a3e876f2a1b8.tar.xz |
stroke: Make 96-bit truncation for SHA-256 configurable
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r-- | man/ipsec.conf.5.in | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index ee7d86089..fef44ae21 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -1141,6 +1141,13 @@ a value of 0 disables IPsec replay protection. .BR reqid " = <number>" sets the reqid for a given connection to a pre-configured fixed value. .TP +.BR sha256_96 " = " no " | yes" +HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility +with implementations that incorrectly use 96-bit truncation this option may be +enabled to configure the shorter truncation length in the kernel. This is not +negotiated, so this only works with peers that use the incorrect truncation +length (or have this option enabled). +.TP .BR tfc " = <value>" number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The |
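Review bot: the new sha256_96 entry never states its default; the "no | yes" ordering in the .BR line only implies it, so if no is the default, say so in the text. Because the description says the setting "is not negotiated", it should also tell the administrator what to expect when only one side enables it, for example that the mismatch is not caught at negotiation time and would only surface once protected traffic is exchanged, if that is the behaviour. "with IPsec" in the first sentence is vague as well. Naming which part of the configuration the truncation applies to would make it clearer when this option is relevant. Finally, since enabling it selects the truncation length the text itself calls incorrect, a short remark that it is meant only for interoperability with such peers and should otherwise stay disabled would keep readers from turning it on by default.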