[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Sun Apr 22 01:47:27 UTC 2018
New commits:
commit 4d8b5208772c31fdc9f90dc213ff8ed94d4f660f
Merge: 050397c 6957b3c
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Apr 21 21:24:12 2018 -0400
algparse: when PFS=yes, reject esp=aes,3des;dh21 - instead all or no proposals must specify DH
For ESP/AH, and when PFS=yes, require either all proposals or no proposals
specify a DH algorithm. This makes things consistent with ike= and
eliminates a loosely defined piece of syntax.
IKEv1 also requires the same algorithm.
IKEv2 allows one algorithm + none for now.
For instance, the above should be changed to esp=aes;dh21,3des;dh21.
Merge commit '6957b3cf11ea54c3668b5454d465901308ba0306'
commit 6957b3cf11ea54c3668b5454d465901308ba0306
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Apr 21 20:29:13 2018 -0400
testing: expect an error when esp=aes,3des;modp2048 et al.
commit 95db0b62418f60d13cbc5f6413b4599f022042d6
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Apr 21 20:23:26 2018 -0400
algparse: when pfs=yes, reject aes,3des;modp2048
Instead require explicit DH be added to each proposal, i.e.
aes;modp2048,3des;modp2048. This way flipping between IKEv1
and IKEv2 doesn't change the proposal choice.