diff --git a/doc/changelog.txt b/doc/changelog.txt
index f2e7d51..685a9f3 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,6 +1,9 @@
 
 HEAD
 ====
+Fixes:
+- xt_pknock: UDP SPA mode erroneously returned an error saying
+  crypto was unavailable
 
 
 v2.5 (2014-04-18)
diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index f754568..1acc75c 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -1058,9 +1058,6 @@ static int pknock_mt_check(const struct xt_mtchk_param *par)
 
 	if (!(info->option & XT_PKNOCK_NAME))
 		RETURN_ERR("You must specify --name option.\n");
-	if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET))
-		RETURN_ERR("No crypto support available; "
-			"cannot use opensecret/closescret\n");
 	if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1)
 		RETURN_ERR("--opensecret must have just one knock port\n");
 	if (info->option & XT_PKNOCK_KNOCKPORT) {