I'd like to clarify "aes" in ipsec.conf accepts 128:256 bits. sbin/ipsecctl/ike.c: 201 case ENCXF_AES: 202 enc_alg = "AES"; 203 key_length = "128,128:256"; 204 break;
ok? Clarify "aes" will accept keys which length is in 128:256 bits. Index: sbin/ipsecctl/ipsec.conf.5 =================================================================== RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v retrieving revision 1.160 diff -u -p -r1.160 ipsec.conf.5 --- sbin/ipsecctl/ipsec.conf.5 22 Oct 2021 12:30:54 -0000 1.160 +++ sbin/ipsecctl/ipsec.conf.5 2 Nov 2021 02:58:13 -0000 @@ -637,10 +637,10 @@ keyword: The following cipher types are permitted with the .Ic enc keyword: -.Bl -column "aes-128-gmac" "Key Length" "Description" -offset indent +.Bl -column "aes-128-gmac" "128-256 bits" "Description" -offset indent .It Em "Cipher" Ta Em "Key Length" Ta "" .It Li 3des Ta "168 bits" Ta "" -.It Li aes Ta "128 bits" Ta "" +.It Li aes Ta "128-256 bits" Ta "" .It Li aes-128 Ta "128 bits" Ta "" .It Li aes-192 Ta "192 bits" Ta "" .It Li aes-256 Ta "256 bits" Ta ""