/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-05-31 16:13:39 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150531161339-igb3l0ip3c10ejpz
mandos-ctl: Generate better messages in exceptions.

mandos (rfc3339_duration_to_delta): Remove dead code.  Adjust white
                                    space.
mandos-ctl (rfc3339_duration_to_delta): Do minor formatting and
                                        whitespace adjustments, and
                                        Generate better message in
                                        exception.
(string_to_delta): Adjust quote character in doc string.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2014-03-05">
 
5
<!ENTITY TIMESTAMP "2015-03-08">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
311
311
        <listitem>
312
312
          <para>
313
313
            Sets the number of bits to use for the prime number in the
314
 
            TLS Diffie-Hellman key exchange.  Default is 1024.
 
314
            TLS Diffie-Hellman key exchange.  The default value is
 
315
            selected automatically based on the OpenPGP key.
315
316
          </para>
316
317
        </listitem>
317
318
      </varlistentry>
748
749
    <para>
749
750
      It will also help if the checker program on the server is
750
751
      configured to request something from the client which can not be
751
 
      spoofed by someone else on the network, unlike unencrypted
752
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
752
      spoofed by someone else on the network, like SSH server key
 
753
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
754
      echo (<quote>ping</quote>) replies.
753
755
    </para>
754
756
    <para>
755
757
      <emphasis>Note</emphasis>: This makes it completely insecure to