On Fri, Dec 23, 2005 at 12:27:55PM -0500, Will H. Backman wrote: > According to the vpn(8) man page: > Paragraph just before section header for Creating IPsec Flows [manual > keying] > > "Note that when no authentication and encryption algorithms are defined, > ipsecctl(8) will automatically use HMAC-SHA2-256 for authentication and > AES-128 in countermode for encryption. Therefore the authentication key > needs to be 256 bits long; the encryption key 128 bits. For details see > ipsec.conf(5)." > > If I create an ipsec.conf file that does not define an authentication or > encryption algorithm, I get warnings if my encryption key is less than > 160 bits. Man page states that it must be at least 128.
fixed in -current now. thanks for the mail. jmc
