Print this page
5782 ike.config(4) needs additional oakley_group numbers

*** 310,327 **** Unless specified as optional, elements in the parameter-list must occur exactly once within a given transform's parameter-list: oakley_group number The Oakley Diffie-Hellman group used for IKE SA key derivation. ! The group numbers are defined in RFC 2409, Appendix A, and RFC ! 3526. Acceptable values are currently: ! 1 (768-bit) ! 2 (1024-bit) ! 5 (1536-bit) ! 14 (2048-bit) ! 15 (3072-bit) ! 16 (4096-bit) encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes, aes-cbc} An encryption algorithm, as in ipsecconf(1M). However, of the --- 310,340 ---- Unless specified as optional, elements in the parameter-list must occur exactly once within a given transform's parameter-list: oakley_group number The Oakley Diffie-Hellman group used for IKE SA key derivation. ! The group numbers are defined in RFC 2409, Appendix A, RFC ! 3526, and RFC 5114, section 3.2. Acceptable values are ! currently: ! 1 (MODP 768-bit) ! 2 (MODP 1024-bit) ! 3 (EC2N 155-bit) ! 4 (EC2N 185-bit) ! 5 (MODP 1536-bit) ! 14 (MODP 2048-bit) ! 15 (MODP 3072-bit) ! 16 (MODP 4096-bit) ! 17 (MODP 6144-bit) ! 18 (MODP 8192-bit) ! 19 (ECP 256-bit) ! 20 (ECP 384-bit) ! 21 (ECP 521-bit) ! 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup) ! 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup) ! 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup) ! 25 (ECP 192-bit) ! 26 (ECP 224-bit) encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes, aes-cbc} An encryption algorithm, as in ipsecconf(1M). However, of the
*** 690,696 **** --- 703,713 ---- Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman Groups for Internet Key Exchange (IKE). The Internet Society, Network Working Group. May 2003. + Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups for + Use with IETF Standards. BBN Technologies, January 2008. + + April 27, 2009 IKE.CONFIG(4)