added 'legacy' initialization vector text to man pages

2013-04-01 23:01:45 -04:00 · 2013-04-01 23:01:45 -04:00 · 98d5b6d8a0
commit 98d5b6d8a0
parent 9ee21aae12
2 changed files with 10 additions and 2 deletions
--- a/doc/fwknop.man.asciidoc
+++ b/doc/fwknop.man.asciidoc
@ -236,7 +236,11 @@ SPA OPTIONS
    The default is CBC mode, but others can be chosen such as CFB or OFB
    as long as this is also specified in the 'access.conf' file on the
    server side via the ENCRYPTION_MODE variable.  In general, it is
-    recommended to not use this argument and just use the default.
+    recommended to not use this argument and just use the default.  Note that
+    the string ``legacy'' can be specified in order to generate SPA packets
+    with the old initialization vector strategy used by versions of *fwknop*
+    before 2.5.  With the 2.5 release, *fwknop* generates initialization
+    vectors in a manner that is compatible with OpenSSL.

 *--hmac-digest-type*='<digest>'::
    Set the HMAC digest algorithm (default is sha256). Options are md5, sha1,
--- a/doc/fwknopd.man.asciidoc
+++ b/doc/fwknopd.man.asciidoc
@ -353,7 +353,11 @@ directive starts a new stanza.
 *ENCRYPTION_MODE*: '<mode>'::
    Specify the encryption mode when AES is used.  The default is CBC mode,
    but other modes can be selected such as OFB and CFB.  In general, it is
-    recommended to not use this variable and leave it as the default.
+    recommended to not use this variable and leave it as the default.  Note
+    that the string ``legacy'' can be specified in order to generate SPA
+    packets with the old initialization vector strategy used by versions of
+    *fwknop* before 2.5.  With the 2.5 release, *fwknop* generates
+    initialization vectors in a manner that is compatible with OpenSSL.

 *ENABLE_CMD_EXEC*: '<Y/N>'::
    This instructs *fwknopd* to accept complete commands that are contained