Project

General

Profile

Actions
Copy link

Bug #11078

closed

IPsec PH2 incorrect proposals order

Added by Viktor Gurov over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
2.5.0
Start date:
11/18/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:

Description

If you choose both AES and AES-GCM ciphers, it sets the AES-CBC cipher to the first place of esp_proposals:

esp_proposals = aes128-sha256-modp2048,aes128gcm128-modp2048

which is incorrect, as AES-GCM must have a higher priority than AES-CBC

Actions
Copy link
 #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #3

Updated by Renato Botelho over 3 years ago

  • Assignee set to Viktor Gurov
  • Target version set to 2.5.0
Actions
Copy link
 #4

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

Actions
Copy link
 #5

Updated by Danilo Zrenjanin over 3 years ago

  • Status changed from Feedback to Resolved

Tested on :

 2.5.0-DEVELOPMENT (amd64)
built on Thu Nov 26 18:59:35 EST 2020
FreeBSD 12.2-STABLE

The proposal order seems ok now:

esp_proposals = aes256gcm128-modp2048,aes256gcm96-modp2048,aes256gcm64-modp2048,aes192gcm128-modp2048,aes192gcm96-modp2048,aes192gcm64-modp2048,aes128gcm128-modp2048,aes128-sha256-modp2048

Actions
Copy link

Also available in: Atom PDF