IPSEC loosing camellia in IPSEC on FreeBSD13?
dewayne at heuristicsystems.com.au
Sun Mar 21 01:44:55 UTC 2021
For those that skim release notes,
I noticed that FreeBSD13 drops from IPSEC:
- some integrity checks as well as blowfish, cast128, des, des3 & variants
camellia. From my stable/12 "man setkey" this leaves ciphers: null,
aes-cbc, aes-ctr and aes-gcm16.
Apparently the reason is that it wasn't mentioned in RFC8221, while
section 1.2 states "As a result, any algorithm listed at the
IPsec IANA registry that is not mentioned in this document MAY be
it goes on to explain what must not be used. (Camellia is not part of
Camellia does appear in the IANA registry
Can anyone help me to understand why camellia should be removed? On a
purely number of rounds basis, camellia is better. Both AES and
camellia use S boxes, camellia uses 18 rounds for 128b keys and 24
rounds on 192 and 256 bit keys, while commercial/public AES-128 uses 10
rounds and AES-256 14 rounds.
FreeBSD is better by having more choice of ciphers and somewhat ahead of
the pack (rfc4312 (Camellia use with ipsec)).
PS And yes I use IPSEC with camellia between FreeBSD boxes and I was
planning on upgrading some old internet facing systems. Twofish would be
More information about the freebsd-questions