Date: Thu, 23 May 2019 17:53:15 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: John Baldwin <jhb@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r348205 - head/sys/netipsec Message-ID: <201905240053.x4O0rFxp093133@gndrsh.dnsmgr.net> In-Reply-To: <7e3ef228-f9a7-5bd5-1826-5408eb368a71@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 5/23/19 3:06 PM, John Baldwin wrote: > > Author: jhb > > Date: Thu May 23 22:06:57 2019 > > New Revision: 348205 > > URL: https://svnweb.freebsd.org/changeset/base/348205 > > > > Log: > > Add deprecation warnings for IPsec algorithms deprecated in RFC 8221. > > > > All of these algorithms are either explicitly marked MUST NOT, or they > > are implicitly MUST NOTs by virtue of not being included in IETF's > > list of protocols at all despite having assignments from IANA. > > > > Specifically, this adds warnings for the following ciphers: > > - des-cbc > > - blowfish-cbc > > - cast128-cbc > > - des-deriv > > - des-32iv > > - camellia-cbc > > > > Warnings for the following authentication algorithms are also added: > > - hmac-md5 > > - keyed-md5 > > - keyed-sha1 > > - hmac-ripemd160 > > > > Reviewed by: cem, gnn > > MFC after: 3 days > > Sponsored by: Chelsio Communications > > Differential Revision: https://reviews.freebsd.org/D20340 > > The quick turnaround time is so that these warnings can be MFC'd. I will wait a > while to see how that fairs before pulling the plug on removing actual functionality > in head. Are you targeting this at 11.3, which if your not I would encourage you to do as the earlier on this type stuff the better. > John Baldwin -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905240053.x4O0rFxp093133>