]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
proposal: Remove deprecated algorithms from default ESP and AH proposals
authorTobias Brunner <tobias@strongswan.org>
Mon, 23 Oct 2017 13:33:02 +0000 (15:33 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:46:51 +0000 (16:46 +0100)
This removes algorithms that were deprecated by RFC 8221 (3DES, BF, MD5)
from the default proposals for ESP and AH.

References #8247.

src/libcharon/config/proposal.c

index 6c71f78d35fdbd993c90aaa709326192a7184adc..b0be951ab6e31bbd10c66b92f620dab92579d2ae 100644 (file)
@@ -1017,14 +1017,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
                        add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC,          128);
                        add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC,          192);
                        add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC,          256);
-                       add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES,               0);
-                       add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,         256);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,  0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,  0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,  0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,       0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,        0);
-                       add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,        0);
                        add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
                        break;
                case PROTO_AH:
@@ -1033,7 +1030,6 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,  0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,       0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,        0);
-                       add_algorithm(this, INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,        0);
                        add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
                        break;
                default: