tls-server: Optionally omit CAs in CertificateRequest messages

[strongswan.git] / conf / options / charon.opt

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index fb69bd7..dd97264 100644 (file)
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -473,6 +473,12 @@ charon.tls.mac
 charon.tls.suites
        List of TLS cipher suites.
 
+charon.tls.send_certreq_authorities = yes
+       Whether to include CAs in a server's CertificateRequest message.
+
+       Whether to include CAs in a server's CertificateRequest message. May be
+       disabled if clients can't handle a long list of CAs.
+
 charon.tls.version_min = 1.0
        Minimum TLS version to negotiate.