]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0e621f6) | patch
testing: Configure curve25519-sha256 as key exchange for SSH
authorTobias Brunner <tobias@strongswan.org>
Mon, 26 Jun 2023 12:20:14 +0000 (14:20 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 13 Jul 2023 08:48:53 +0000 (10:48 +0200)
commitab13c1c8089dbb11166f2426ae0c05bdf119f79d
treed04a5e147cfcfe6d2b858510be3976c53c001f9btree
parent0e621f60f87f978afb9392c7c140d772abc5f792commit | diff
testing: Configure curve25519-sha256 as key exchange for SSH

With Debian bookworm, the PQC KE sntrup761x25519-sha512 is negotiated, by
default.  This increases the overhead significantly, in particular, the
size of the KE message, which wouldn't get through IPsec tunnels without
MSS clamping.
testing/hosts/default/etc/ssh/sshd_config diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.