]> git.ipfire.org Git - thirdparty/strongswan.git/blobdiff - conf/options/charon.opt
projects / thirdparty / strongswan.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
x509: Make length of nonces in OCSP requests configurable
[thirdparty/strongswan.git] / conf / options / charon.opt
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index e07f1dd85317a2ec01e7582d675d257e1b96aabe..369a11df58e14cdbe2fd21d359563febfaff2c2c 100644 (file)
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -302,6 +302,13 @@ charon.nbns1
 charon.nbns2
        WINS servers assigned to peer via configuration payload (CP).
 
+charon.ocsp_nonce_len = 32
+       Length of nonces in OCSP requests (1-32).
+
+       Length of nonces in OCSP requests. According to RFC 8954, valid values are
+       between 1 and 32, with new clients required to use 32. Some servers might
+       not support that so lowering the value to e.g. 16 might be necessary.
+
 charon.port = 500
        UDP port used locally. If set to 0 a random port will be allocated.
 
Unnamed repository; edit this file 'description' to name the repository.