Project

General

Profile

Actions

Feature #10221

closed

Update DH group warnings to say that group 5 is also weak

Added by Viktor Gurov over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
01/29/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

from https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations:
It is advised to adhere to the recommendation of the appropriate security authority when choosing ciphers
to secure the tunnel cryptographically. www.keylength.com lists some of the standards for western Europe
and the US. It is strongly advised to use at least 2048 bit key length for MODP Diffie-Hellman groups.

DH group 5 = 1536 bits

Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions #3

Updated by Renato Botelho over 2 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0
  • % Done changed from 0 to 100

Pull request has been merged. Thanks!

Actions #4

Updated by Viktor Gurov over 2 years ago

additional PR for IPsec Phase 1 warning:
https://github.com/pfsense/pfsense/pull/4185

Actions #5

Updated by Viktor Gurov over 2 years ago

  • Status changed from Feedback to Resolved

ok on 2.5.0.a.20200211.1811

Actions #6

Updated by Jim Pingle about 2 years ago

  • Status changed from Resolved to Feedback
  • Target version changed from 2.5.0 to 2.4.5-p1
Actions #7

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

Group 5 is now visible in the warnings.

Actions

Also available in: Atom PDF