proposal: Remove MD5 from default IKE proposal

RFC 8247 demoted MD5 to MUST NOT. References #2427.
author: Tobias Brunner <tobias@strongswan.org> 2017-09-19 11:01:04 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2017-11-08 16:47:04 +0100
commit: 10da451fc38c31476c26c5aa78ad3decc01e3a1f (patch)
tree: 11d30f9fa3eafbe47f251b6be266f33991ef490f /src
parent: 2294606aa5c6cb26b63989f65738349bee500cd3 (diff)
download: strongswan-10da451fc38c31476c26c5aa78ad3decc01e3a1f.tar.bz2
strongswan-10da451fc38c31476c26c5aa78ad3decc01e3a1f.tar.xz
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index b0be951ab..b4245d3de 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -872,9 +872,10 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 				case AUTH_AES_XCBC_96:
 				case AUTH_AES_CMAC_96:
 				case AUTH_HMAC_SHA1_96:
-				case AUTH_HMAC_MD5_96:
 					add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
 					break;
+				case AUTH_HMAC_MD5_96:
+					/* no, thanks */
 				default:
 					break;
 			}
@@ -908,9 +909,11 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 		switch (prf)
 		{
 			case PRF_HMAC_SHA1:
-			case PRF_HMAC_MD5:
 				add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
 				break;
+			case PRF_HMAC_MD5:
+				/* no, thanks */
+				break;
 			default:
 				break;
 		}
author	Tobias Brunner <tobias@strongswan.org>	2017-09-19 11:01:04 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2017-11-08 16:47:04 +0100
commit	10da451fc38c31476c26c5aa78ad3decc01e3a1f (patch)
tree	11d30f9fa3eafbe47f251b6be266f33991ef490f /src
parent	2294606aa5c6cb26b63989f65738349bee500cd3 (diff)
download	strongswan-10da451fc38c31476c26c5aa78ad3decc01e3a1f.tar.bz2 strongswan-10da451fc38c31476c26c5aa78ad3decc01e3a1f.tar.xz