Project

General

Profile

Actions

Bug #4248

closed

AES-GCM doesn't interoperate with devices not using padding

Added by Ermal Luçi about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
Ermal Luçi
Category:
IPsec
Target version:
Start date:
01/20/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:

Description

As reported on https://forum.pfsense.org/index.php?topic=86866.msg477744#msg477744
The linux hosts like to send unpadded packets on AES-GCM i can guess to improve performance.

Need to check if this check needs to be relaxed on the kernel or it should stay as is.

Actions #1

Updated by Chris Buechler about 9 years ago

  • Tracker changed from Todo to Bug
  • Subject changed from AES-GCM padding is not manadatory to AES-GCM doesn't interoperate with devices not using padding
  • Status changed from New to Confirmed
  • Assignee set to Ermal Luçi
  • Priority changed from Normal to High
  • Target version changed from 2.2.1 to 2.2

Jim mentioned today we'll get this addressed in 2.2.

Ermal: test setup with AES-GCM to an ASA is setup. will email details momentarily

Actions #2

Updated by Ermal Luçi about 9 years ago

  • Status changed from Confirmed to Feedback

Fixed by allowing the blocksize to not be multiple of blocksize.

Actions #3

Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF