Diffstat (limited to 'src')
-rw-r--r-- | src/starter/args.c | 18 | ||||
-rw-r--r-- | src/starter/confread.c | 7 | ||||
-rw-r--r-- | src/starter/confread.h | 1 | ||||
-rw-r--r-- | src/starter/keywords.h | 2 | ||||
-rw-r--r-- | src/starter/keywords.txt | 2 |
5 files changed, 2 insertions, 28 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 3856c3df3..2f3e48b41 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -103,22 +103,6 @@ static const char *LST_keyexchange[] = {
 NULL
 };
-static const char *LST_pfsgroup[] = {
- "modp1024",
- "modp1536",
- "modp2048",
- "modp3072",
- "modp4096",
- "modp6144",
- "modp8192",
- "ecp192",
- "ecp224",
- "ecp256",
- "ecp384",
- "ecp521",
- NULL
-};
-
 static const char *LST_plutodebug[] = {
 "none",
 "all",
@@ -215,7 +199,6 @@ static const token_info_t token_info[] =
 { ARG_ENUM, offsetof(starter_conn_t, startup), LST_startup },
 { ARG_ENUM, offsetof(starter_conn_t, keyexchange), LST_keyexchange },
 { ARG_MISC, 0, NULL /* KW_TYPE */ },
- { ARG_MISC, 0, NULL /* KW_PFS */ },
 { ARG_MISC, 0, NULL /* KW_COMPRESS */ },
 { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool },
 { ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool },
@@ -238,7 +221,6 @@ static const token_info_t token_info[] =
 { ARG_MISC, 0, NULL /* KW_REAUTH */ },
 { ARG_STR, offsetof(starter_conn_t, ike), NULL },
 { ARG_STR, offsetof(starter_conn_t, esp), NULL },
- { ARG_STR, offsetof(starter_conn_t, pfsgroup), LST_pfsgroup },
 { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
 { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
 { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 377964951..a003a14d6 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -35,7 +35,7 @@
 #define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
-static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+static const char esp_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
 static const char firewall_defaults[] = "ipsec _updown iptables";
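Review bot: `esp_defaults` is now character-for-character the same string as `ike_defaults`, and nothing on the changed line says why the ESP proposals gained a DH group. The same commit drops `POLICY_PFS` from the default policy in `default_values()`, so the `-modp2048`/`-modp1536` suffixes appear to be the only thing that still requests a fresh DH exchange for child SAs by default. A comment such as `/* the DH group suffix replaces the former pfs=yes default; dropping it disables PFS for child SAs */` above the definition would keep a later edit from silently weakening the default. The fallback proposal still pairs 3DES and SHA-1 with a 1536-bit group, which deserves its own decision on whether it belongs in a default at all.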
@@ -84,7 +84,7 @@ static void default_values(starter_config_t *cfg)
 cfg->conn_default.startup = STARTUP_NO;
 cfg->conn_default.state = STATE_IGNORE;
 cfg->conn_default.mode = MODE_TUNNEL;
- cfg->conn_default.policy = POLICY_PFS | POLICY_MOBIKE;
+ cfg->conn_default.policy = POLICY_MOBIKE;
 cfg->conn_default.ike = strdupnull(ike_defaults);
 cfg->conn_default.esp = strdupnull(esp_defaults);
@@ -561,9 +561,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 cfg->err++;
 }
 break;
- case KW_PFS:
- KW_POLICY_FLAG("yes", "no", POLICY_PFS)
- break;
 case KW_COMPRESS:
 KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS)
 break;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index e9a77d438..0aa6bd515 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -143,7 +143,6 @@ struct starter_conn {
 char *esp;
 char *ike;
- char *pfsgroup;
 time_t dpd_delay;
 time_t dpd_timeout;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index c1b98dffc..3af235fec 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -64,7 +64,6 @@ typedef enum {
 KW_CONN_SETUP,
 KW_KEYEXCHANGE,
 KW_TYPE,
- KW_PFS,
 KW_COMPRESS,
 KW_INSTALLPOLICY,
 KW_AGGRESSIVE,
@@ -87,7 +86,6 @@ typedef enum {
 KW_REAUTH,
 KW_IKE,
 KW_ESP,
- KW_PFSGROUP,
 KW_DPDDELAY,
 KW_DPDTIMEOUT,
 KW_DPDACTION,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 96221778d..ab76eb518 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -57,7 +57,6 @@ pkcs11keepstate, KW_PKCS11KEEPSTATE
 pkcs11proxy, KW_PKCS11PROXY
 keyexchange, KW_KEYEXCHANGE
 type, KW_TYPE
-pfs, KW_PFS
 compress, KW_COMPRESS
 installpolicy, KW_INSTALLPOLICY
 aggressive, KW_AGGRESSIVE
@@ -78,7 +77,6 @@ rekey, KW_REKEY
 reauth, KW_REAUTH
 esp, KW_ESP
 ike, KW_IKE
-pfsgroup, KW_PFSGROUP
 dpddelay, KW_DPDDELAY
 dpdtimeout, KW_DPDTIMEOUT
 dpdaction, KW_DPDACTION
|
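Review bot: Dropping `POLICY_PFS` from `cfg->conn_default.policy` changes behaviour for any connection that sets its own `esp=` string without a DH group. Judging from this diff, such a connection previously inherited PFS from the default policy bit and now depends entirely on the proposal string, while only the built-in `esp_defaults` was given a group. Nothing visible in `load_conn()` warns about that case, and because `pfs`/`pfsgroup` are removed from `keywords.txt`, an existing configuration that never set them gets no signal that its child SAs may now rekey without a new DH exchange. I would log a warning when `conn->esp` is set explicitly and names no DH group, and describe the migration in the release notes. `default_values()` continues outside this hunk.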