author | Tobias Brunner <tobias@strongswan.org> | 2017-10-23 15:33:02 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:46:51 +0100 |
commit | 2294606aa5c6cb26b63989f65738349bee500cd3 (patch) | |
tree | 75f914cad7be60665d31686dbd8587352e18b3e0 | |
parent | 63ffcfaa49c375a2dfc195c55ea61ceb8a570651 (diff) | |
proposal: Remove deprecated algorithms from default ESP and AH proposals
This removes algorithms that were deprecated by RFC 8221 (3DES, BF, MD5)
from the default proposals for ESP and AH.
References #8247.
-rw-r--r-- | src/libcharon/config/proposal.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 6c71f78d3..b0be951ab 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -1017,14 +1017,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 break;
 case PROTO_AH:
@@ -1033,7 +1030,6 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 break;
 default: |