From owner-svn-doc-head@freebsd.org Tue Jul 28 17:22:23 2015 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C3829ADF01; Tue, 28 Jul 2015 17:22:23 +0000 (UTC) (envelope-from jmg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0CB0AB0; Tue, 28 Jul 2015 17:22:23 +0000 (UTC) (envelope-from jmg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6SHMMmu031337; Tue, 28 Jul 2015 17:22:22 GMT (envelope-from jmg@FreeBSD.org) Received: (from jmg@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6SHMM5b031336; Tue, 28 Jul 2015 17:22:22 GMT (envelope-from jmg@FreeBSD.org) Message-Id: <201507281722.t6SHMM5b031336@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jmg set sender to jmg@FreeBSD.org using -f From: John-Mark Gurney Date: Tue, 28 Jul 2015 17:22:22 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r47124 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2015 17:22:23 -0000 Author: jmg (src,ports committer) Date: Tue Jul 28 17:22:22 2015 New Revision: 47124 URL: https://svnweb.freebsd.org/changeset/doc/47124 Log: DES is a terrible suggestion, and it MUST NOT be used per RFC7321.. I plan to make code changes soon to break the old config anyways... This chapter needs to be updated badly, and me leaving the example here is not an endorsement to use it... Pointed out by: Daniel Plominski Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Tue Jul 28 17:07:30 2015 (r47123) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Tue Jul 28 17:22:22 2015 (r47124) @@ -2364,7 +2364,7 @@ sainfo (address 10.246.38.0/24 any addr { # $network must be the two internal networks you are joining. pfs_group 1; lifetime time 36000 sec; - encryption_algorithm blowfish,3des,des; + encryption_algorithm blowfish,3des; authentication_algorithm hmac_md5,hmac_sha1; compression_algorithm deflate; }