ipsec algparse [ -v1 | -v2 | -v | -verbose | -debug | -p1 | -p2 |
-pfs
{ yes | no }
|
-fips
{ yes | no }
| -ignore | -impair |
-nsspw
password
]
{ -tp | -ta | ike=proposals | esp=proposals | ah=proposals | proposals }
ipsec algparse is a utility that parses and
expands and Internet Key Exchange cryptographic proposals using
the same syntax as used in the file
ipsec.conf (see the description of
ike= and esp= in
ipsec.conf (see ipsec.conf(5) for
details). In addition, ipsec algparse can be
used to run the proposal parser or the cryptographic algorithm
testsuites.
The following options control what ipsec algparse will parse:
ike=[proposals]
,
esp=[proposals]
,
ah=[proposals]
Parse the proposals using the
IKE, ESP, or AH proposal parser. When
proposals is omitted, display
the default IKE, ESP, or AH proposals.
proposal
Try to parse the proposal using all three of the IKE, ESP, and AH proposal parsers.
-tp
run the proposal testsuite
-ta
run the algorithm testsuite
The following options alter the parser behaviour:
-v1
,
-v2
Parse the proposals using
either the IKEv1 or IKEv2 proposal syntax.
The default is IKEv2.
-pfs=yes|no
Specify PFS (Perfect Forward Privicy). When yes Diffi-Helman algorithms will be included in the proposal.
The default is --pfs=no.
-fips=yes|no
Force NSS into FIPS mode.
The default is determined by the system environment.
-p1
,
-p2
Specify the parser to use.
By default, IKEv1 uses the simple (p1) parser, and IKEv2 uses the more complex (p2) parser.
-nsspw
Specify the NSS database password.
-impair
Impair the parser, disabling all algorithm checks.
-ignore
Ignore parser errors.
-v
,
-verbose
Be more verbose when invoking proposal parser.
-d
,
-debug
Enable full debug-logging when invoking the proposal parser.