svn commit: r360557 - in head: lib/libipsec sbin/setkey sys/netipsec usr.bin/netstat
John Baldwin
jhb at FreeBSD.org
Sat May 2 00:23:49 UTC 2020
On 5/1/20 5:06 PM, John Baldwin wrote:
> Author: jhb
> Date: Sat May 2 00:06:58 2020
> New Revision: 360557
> URL: https://svnweb.freebsd.org/changeset/base/360557
>
> Log:
> Remove support for IPsec algorithms deprecated in r348205 and r360202.
>
> Examples of depecrated algorithms in manual pages and sample configs
> are updated where relevant. I removed the one example of combining
> ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this
> combination is NOT RECOMMENDED.
>
> Specifically, this removes support for the following ciphers:
> - des-cbc
> - 3des-cbc
> - blowfish-cbc
> - cast128-cbc
> - des-deriv
> - des-32iv
> - camellia-cbc
>
> This also removes support for the following authentication algorithms:
> - hmac-md5
> - keyed-md5
> - keyed-sha1
> - hmac-ripemd160
>
> Reviewed by: cem, gnn (older verisons)
> Relnotes: yes
> Sponsored by: Chelsio Communications
> Differential Revision: https://reviews.freebsd.org/D24342
Oops, forgot:
PR: 245834 (exp-run)
--
John Baldwin
More information about the svn-src-all
mailing list