[Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 18 Apr 2022 19:01:53 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379

--- Comment #5 from John Baldwin <jhb@FreeBSD.org> ---
I have a review for the manpage at https://reviews.freebsd.org/D34947 (Eugene,
I couldn't add you on the review via your freebsd.org username for some
reason?)

In terms of how to inform other users, we could perhaps add a check to
stable/12 to warn users about using an explicit -A in combination with AES-GCM
just as we have warnings in place now for older cipher suites deprecated in
FreeBSD 13.  I suspect such uses are somewhat rare though given it's not a
standard combination?  (There's no support in IKE for specifying a combination
like this for example.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.