From 1244bb4c35ed3d5c284b904a0e6fc7dd85316710 Mon Sep 17 00:00:00 2001 From: sobrado Date: Fri, 2 Jan 2015 18:28:23 +0000 Subject: [PATCH] PFS stands for Perfect Forward Secrecy. ok reyk@ --- sbin/iked/iked.conf.5 | 6 +++--- sbin/ipsecctl/ipsec.conf.5 | 6 +++--- usr.sbin/relayd/relayd.conf.5 | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5 index ccb8f5cbc73..fb0ab5e182e 100644 --- a/sbin/iked/iked.conf.5 +++ b/sbin/iked/iked.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: iked.conf.5,v 1.35 2014/08/27 10:28:57 reyk Exp $ +.\" $OpenBSD: iked.conf.5,v 1.36 2015/01/02 18:28:23 sobrado Exp $ .\" .\" Copyright (c) 2010 - 2014 Reyk Floeter .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 27 2014 $ +.Dd $Mdocdate: January 2 2015 $ .Dt IKED.CONF 5 .Os .Sh NAME @@ -397,7 +397,7 @@ If omitted, will use the default proposals for the ESP or AH protocol. The .Ic group -option will only be used to enable Perfect Forwarding Security (PFS) +option will only be used to enable Perfect Forward Secrecy (PFS) for additional Child SAs exchanges that are not part of the initial key exchange. .It Ic srcid Ar string Ic dstid Ar string diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 887337621e1..b2bc7d7a3e5 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.145 2014/03/19 12:49:00 sthen Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.146 2015/01/02 18:28:23 sobrado Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 19 2014 $ +.Dd $Mdocdate: January 2 2015 $ .Dt IPSEC.CONF 5 .Os .Sh NAME @@ -366,7 +366,7 @@ and .Ic group are described below in .Sx CRYPTO TRANSFORMS . -Perfect Forward Security (PFS) is enabled unless +Perfect Forward Secrecy (PFS) is enabled unless .Ic group Ar none is specified. .Pp diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 281bc0c6899..2e10ad03d46 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.158 2014/12/27 16:09:51 jmc Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.159 2015/01/02 18:28:23 sobrado Exp $ .\" .\" Copyright (c) 2006 - 2014 Reyk Floeter .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 27 2014 $ +.Dd $Mdocdate: January 2 2015 $ .Dt RELAYD.CONF 5 .Os .Sh NAME @@ -941,7 +941,7 @@ enabled by default. Disable to mitigate a potential DoS risk. .It Ic ecdh Op Ic curve Ar name Set a named curve to use when generating EC keys for ECDHE-based -cipher suites with Perfect Forward Security (PFS). +cipher suites with Perfect Forward Secrecy (PFS). If the curve .Ar name is not specified, the default curve @@ -951,7 +951,7 @@ ECDHE is enabled by default. .It Ic no ecdh Disable ECDHE support. .It Ic edh Op Ic params Ar maximum -Enable EDH-based cipher suites with Perfect Forward Security (PFS) for +Enable EDH-based cipher suites with Perfect Forward Secrecy (PFS) for older clients that do not support ECDHE. If the .Ar maximum -- 2.20.1