proposal: Remove MD5 from default IKE proposal
authorTobias Brunner <tobias@strongswan.org>
Tue, 19 Sep 2017 09:01:04 +0000 (11:01 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:47:04 +0000 (16:47 +0100)
RFC 8247 demoted MD5 to MUST NOT.

References #2427.

src/libcharon/config/proposal.c

index b0be951ab6e31bbd10c66b92f620dab92579d2ae..b4245d3de478806464944cfe930ef06580939b98 100644 (file)
@@ -872,9 +872,10 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
                                case AUTH_AES_XCBC_96:
                                case AUTH_AES_CMAC_96:
                                case AUTH_HMAC_SHA1_96:
-                               case AUTH_HMAC_MD5_96:
                                        add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
                                        break;
+                               case AUTH_HMAC_MD5_96:
+                                       /* no, thanks */
                                default:
                                        break;
                        }
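Review bot: The new `case AUTH_HMAC_MD5_96:` label has no `break;` and relies on falling into `default:`, while the matching `case PRF_HMAC_MD5:` in the second hunk ends with an explicit `break;`. Adding `break;` here keeps the two switches consistent and means the exclusion cannot change silently if another case is later inserted before `default:`. In both hunks the comment `/* no, thanks */` does not record the reason; something like `/* MUST NOT per RFC 8247, keep out of the default proposal */` would tell a later reader why a label that does nothing is kept. Both switches sit inside proposal_add_supported_ike, whose body starts and ends outside the hunks, so whether an explicitly configured MD5 proposal is still accepted elsewhere cannot be seen from here.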
@@ -908,9 +909,11 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
                switch (prf)
                {
                        case PRF_HMAC_SHA1:
-                       case PRF_HMAC_MD5:
                                add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
                                break;
+                       case PRF_HMAC_MD5:
+                               /* no, thanks */
+                               break;
                        default:
                                break;
                }