[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Sun Jan 17 18:22:04 UTC 2016
New commits:
commit 12204881493d2095e4414b60daf8d0ef3701d4c3
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 17 13:21:52 2016 -0500
updated changes
commit 4f109dd7c0e36f3d87a8b57273586e29f386ccc6
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 17 13:19:25 2016 -0500
IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes
The RFC does state the limit (albeit a bit hidden) and we did not
enforce it. The SLOTH attack uses it (although the attack in itself
cannot work for other reasons, such as randomized SPIs)
More information about the Swan-commit
mailing list