CVSROOT: /cvs Module name: src Changes by: na...@cvs.openbsd.org 2012/07/08 11:51:51
Modified files:
sbin/ipsecctl : ipsec.conf.5 ipsecctl.h parse.y
Log message:
Disallow manual security associations that use AES-CTR, AES-GCM,
or AES-GMAC. These algorithms cannot be used safely with static
keys and RFCs 3686, 4106, and 4543 expressly forbid such configurations.
Also include a tweak (with jmc@) to the key size explanation, for
completeness sake.
ok mikeb@
