Print this page
5782 ike.config(4) needs additional oakley_group numbers
*** 310,327 ****
Unless specified as optional, elements in the parameter-list must
occur exactly once within a given transform's parameter-list:
oakley_group number
The Oakley Diffie-Hellman group used for IKE SA key derivation.
! The group numbers are defined in RFC 2409, Appendix A, and RFC
! 3526. Acceptable values are currently:
! 1 (768-bit)
! 2 (1024-bit)
! 5 (1536-bit)
! 14 (2048-bit)
! 15 (3072-bit)
! 16 (4096-bit)
encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes,
aes-cbc}
An encryption algorithm, as in ipsecconf(1M). However, of the
--- 310,340 ----
Unless specified as optional, elements in the parameter-list must
occur exactly once within a given transform's parameter-list:
oakley_group number
The Oakley Diffie-Hellman group used for IKE SA key derivation.
! The group numbers are defined in RFC 2409, Appendix A, RFC
! 3526, and RFC 5114, section 3.2. Acceptable values are
! currently:
! 1 (MODP 768-bit)
! 2 (MODP 1024-bit)
! 3 (EC2N 155-bit)
! 4 (EC2N 185-bit)
! 5 (MODP 1536-bit)
! 14 (MODP 2048-bit)
! 15 (MODP 3072-bit)
! 16 (MODP 4096-bit)
! 17 (MODP 6144-bit)
! 18 (MODP 8192-bit)
! 19 (ECP 256-bit)
! 20 (ECP 384-bit)
! 21 (ECP 521-bit)
! 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup)
! 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup)
! 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup)
! 25 (ECP 192-bit)
! 26 (ECP 224-bit)
encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes,
aes-cbc}
An encryption algorithm, as in ipsecconf(1M). However, of the
*** 690,696 ****
--- 703,713 ----
Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman
Groups for Internet Key Exchange (IKE). The Internet Society, Network
Working Group. May 2003.
+ Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups for
+ Use with IETF Standards. BBN Technologies, January 2008.
+
+
April 27, 2009 IKE.CONFIG(4)