Date: Fri, 1 May 2020 17:23:46 -0700 From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r360557 - in head: lib/libipsec sbin/setkey sys/netipsec usr.bin/netstat Message-ID: <6cb8b3f0-10ca-4fca-faff-a3b5983e214c@FreeBSD.org> In-Reply-To: <202005020006.04206xTZ094527@repo.freebsd.org> References: <202005020006.04206xTZ094527@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/1/20 5:06 PM, John Baldwin wrote: > Author: jhb > Date: Sat May 2 00:06:58 2020 > New Revision: 360557 > URL: https://svnweb.freebsd.org/changeset/base/360557 > > Log: > Remove support for IPsec algorithms deprecated in r348205 and r360202. > > Examples of depecrated algorithms in manual pages and sample configs > are updated where relevant. I removed the one example of combining > ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this > combination is NOT RECOMMENDED. > > Specifically, this removes support for the following ciphers: > - des-cbc > - 3des-cbc > - blowfish-cbc > - cast128-cbc > - des-deriv > - des-32iv > - camellia-cbc > > This also removes support for the following authentication algorithms: > - hmac-md5 > - keyed-md5 > - keyed-sha1 > - hmac-ripemd160 > > Reviewed by: cem, gnn (older verisons) > Relnotes: yes > Sponsored by: Chelsio Communications > Differential Revision: https://reviews.freebsd.org/D24342 Oops, forgot: PR: 245834 (exp-run) -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6cb8b3f0-10ca-4fca-faff-a3b5983e214c>