[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Fri Oct 21 02:08:39 UTC 2016


New commits:
commit afcfa04018be9ca5338a0bee6c80c4183360f647
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 20 22:08:09 2016 -0400

    updated changes

commit 52f351d9075859d58473ebc38ded35035eea08b2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 20 21:59:19 2016 -0400

    libswan: Add warnings for DH2, DH5, DH23 and DH24
    
    DH2 and DH5 will be removed from IKEv2 in the near future. For IKEv1,
    these will be left enabled to allow communication with legacy devices
    until we disable IKEv1 support.
    
    DH23 and DH24 are untrusted, and will likely be downgraded to MUST NOT
    in (RFC-4307bis)bis

commit d5c6be6ba6c2e4d809c396eb584395a67ec41395
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 20 21:48:55 2016 -0400

    pluto: DH22 support disabled as per (rfc-4307bis-14), split up USE_EXTRACRYPTO
    
    DH22 has been shown to be too weak, and is now a MUST NOT algorithm. It
    can be re-enabled at compile time using USE_DH22=true
    
    USE_EXTRACRYPTO was only left with serpent and twofish, so these were
    split into USE_SERPENT and USE_TWOFISH (still enabled per default)
    
    CAMELLIA was always enabled, now also uses a USE_CAMELLIA?=true default
    so it can be disabled.

commit 92a6a07dda095e3ef46220426398e4873bfd6bda
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 20 21:46:01 2016 -0400

    testing: updated testlist

commit 3d9420c638ec99401f60e5116a79ca29aa52bdc3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 20 21:44:40 2016 -0400

    testing: added interop-ikev[12]-strongswan-09-dh22-initiator
    
    These tests show libreswan not accepting DH22 anymore as per rfc4307bis-15
