ipsecalgparse is a utility that parses and expands and Internet Key Exchange cryptographic proposals
using the same syntax as used in the file ipsec.conf (see the description of ike= and esp= in
ipsec.conf(5) for details). In addition, ipsecalgparse can be used to run the proposal parser or the
cryptographic algorithm testsuites.
The following options control what ipsecalgparse will parse:
ike=[proposals], esp=[proposals], ah=[proposals]
Parse the proposals using the IKE, ESP, or AH proposal parser. When proposals is omitted, display the
default IKE, ESP, or AH proposals.
proposal
Try to parse the proposal using all three of the IKE, ESP, and AH proposal parsers.
-tp
run the proposal testsuite
-ta
run the algorithm testsuite
The following options alter the parser behaviour:
-v1, -v2
Parse the proposals using either the IKEv1 or IKEv2 proposal syntax.
The default is IKEv2.
-pfs=yes|no
Specify PFS (Perfect Forward Privicy). When yes Diffi-Helman algorithms will be included in the
proposal.
The default is --pfs=no.
-fips=yes|no
Force NSS into FIPS mode.
The default is determined by the system environment.
-p1, -p2
Specify the parser to use.
By default, IKEv1 uses the simple (p1) parser, and IKEv2 uses the more complex (p2) parser.
-nsspw
Specify the NSS database password.
-impair
Impair the parser, disabling all algorithm checks.
-ignore
Ignore parser errors.
-v, -verbose
Be more verbose when invoking proposal parser.
-d, -debug
Enable full debug-logging when invoking the proposal parser.
Install Now
