[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Wed Jan 6 05:24:15 UTC 2016
New commits:
commit 4c3de8925c7b868cc945f195df1b52dadab613a3
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 6 00:24:04 2016 -0500
updated changes
commit 6b979985129717228be3ddac8bde8b96420ba648
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 6 00:15:31 2016 -0500
testing: renamed ikev2-06-6msg to ikev2-dcookie-01 and added 02 and 03 tests
commit d935515aeef12225a54ba34478d394ac1f3c0750
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 6 00:16:54 2016 -0500
IKEv2: Harden dcookies and nonces
- Split minimum/maximum nonce sizes for IKEv1 and IKEv2
- Raise minimum nonce size in IKEv2 from 8 to 16 bytes as per RFC-7296
- Raise the default nonce size for IKEv1 and IKEv2 from 16 to 32 bytes
- Add --impair-send-bogus-dcookie option to pluto for testing
- Use SHA2-256 instead of SHA1 as hash algorithm for dcookies
- Validate dcookies even if we did not expect one [violates RFC-7296]
More information about the Swan-commit
mailing list