Possible error in vpn(8) man page

[Will H. Backman]

According to the vpn(8) man page:
Paragraph just before section header for Creating IPsec Flows [manual 
keying]


Note that when no authentication and encryption algorithms are defined, 
ipsecctl(8) will automatically use HMAC-SHA2-256 for authentication and 
AES-128 in countermode for encryption.  Therefore the authentication key 
needs to be 256 bits long; the encryption key 128 bits.  For details see 
ipsec.conf(5).


If I create an ipsec.conf file that does not define an authentication or 
encryption algorithm, I get warnings if my encryption key is less than 
160 bits.  Man page states that it must be at least 128.

Re: Possible error in vpn(8) man page

[Jason McIntyre]

On Fri, Dec 23, 2005 at 12:27:55PM -0500, Will H. Backman wrote:
 According to the vpn(8) man page:
 Paragraph just before section header for Creating IPsec Flows [manual 
 keying]
 
 Note that when no authentication and encryption algorithms are defined, 
 ipsecctl(8) will automatically use HMAC-SHA2-256 for authentication and 
 AES-128 in countermode for encryption.  Therefore the authentication key 
 needs to be 256 bits long; the encryption key 128 bits.  For details see 
 ipsec.conf(5).
 
 If I create an ipsec.conf file that does not define an authentication or 
 encryption algorithm, I get warnings if my encryption key is less than 
 160 bits.  Man page states that it must be at least 128.

fixed in -current now. thanks for the mail.
jmc