I'd like to clarify "aes" in ipsec.conf accepts 128:256 bits.
sbin/ipsecctl/ike.c:
201 case ENCXF_AES:
202 enc_alg = "AES";
203 key_length = "128,128:256";
204 break;
ok?
Clarify "aes" will accept keys which length is in 128:256 bits.
Index: sbin/ipsecctl/ipsec.conf.5
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v
retrieving revision 1.160
diff -u -p -r1.160 ipsec.conf.5
--- sbin/ipsecctl/ipsec.conf.5 22 Oct 2021 12:30:54 -0000 1.160
+++ sbin/ipsecctl/ipsec.conf.5 2 Nov 2021 02:58:13 -0000
@@ -637,10 +637,10 @@ keyword:
The following cipher types are permitted with the
.Ic enc
keyword:
-.Bl -column "aes-128-gmac" "Key Length" "Description" -offset indent
+.Bl -column "aes-128-gmac" "128-256 bits" "Description" -offset indent
.It Em "Cipher" Ta Em "Key Length" Ta ""
.It Li 3des Ta "168 bits" Ta ""
-.It Li aes Ta "128 bits" Ta ""
+.It Li aes Ta "128-256 bits" Ta ""
.It Li aes-128 Ta "128 bits" Ta ""
.It Li aes-192 Ta "192 bits" Ta ""
.It Li aes-256 Ta "256 bits" Ta ""
