X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/6b27510e7c6c725de5e4bdefdec589df774adc20..refs/heads/mdw/xdh:/README.make-secnet-sites diff --git a/README.make-secnet-sites b/README.make-secnet-sites index 9a528c1..ac64fb4 100644 --- a/README.make-secnet-sites +++ b/README.make-secnet-sites @@ -112,10 +112,14 @@ INPUT SYNTAX VPN, and location properties which are already defined. (Assigning new properties is permitted.) + * It is not permitted to define new VPN-level + properties. + Finally, the properties. - If a property has already been defined on an item, then it is an - error to try to redefine it. + Usually, if a property has already been defined on an item, then + it is an error to try to redefine it. But some properties are + list-like: the values are accumulated into a single list. Mostly, properties are written to corresponding assignments in the generated Secnet configuration file, . The entries below @@ -127,15 +131,22 @@ INPUT SYNTAX location levels. dh P G - Assigns a Diffie--Hellman closure to the `dh' key, - constructed as `diffie-hellman(P, G)'. Acceptable at all - levels; required at site level. + dh GROUP-NAME + Assigns a Diffie--Hellman closure to the `dh' key. If + MODULUS and GENERATOR are given, the closure is + constructed as `diffie-hellman(P, G)'. If a GROUP-NAME + is given, it must be one of `x25519' or `x448', and the + like-named pre-existing DH closure is used. This is a + listish property: it can be set more than once and the + values are accumulated into a list in the output. + + Acceptable at all levels; required at site level. hash HASH-NAME Assigns the HASH-NAME to the `hash' key. The HASH-NAME - must be one of `md5' or `sha1', and the corresponding - hash closure is used. Acceptable at all levels; - required at site level. + must be one of `md5', `sha1', or `sha512', and the + corresponding hash closure is used. Acceptable at all + levels; required at site level. key-lifetime INT setup-timeout INT
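Review bot: In the hunk at @@ -112,10 +112,14 @@, the new sentence "But some properties are list-like" does not say which properties accumulate, and the dh entry in the next hunk calls the same thing "a listish property". Use one term in both places, and either name the accumulating properties here or state that each entry says so itself, so a reader can tell whether a repeated assignment is an error or an append.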
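Review bot: In the hunk at @@ -131,22 @@ (old range -127,15), the dh description says "If MODULUS and GENERATOR are given" while the synopsis line still reads "dh P G" and the closure is written "diffie-hellman(P, G)"; the placeholder names should match in all three places. The entry also does not say in what order the accumulated values appear in the output list, or how assignments made at different levels combine given "Acceptable at all levels"; a sentence on that would help, since a reader may take the order of the list as a preference order. The hash entry gains `sha512` but is not marked listish, so it is worth stating explicitly that hash remains single-valued.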