Project

General

Profile

Bug #11078

IPsec PH2 incorrect proposals order

Added by Viktor Gurov 2 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
11/18/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.5.0
Affected Architecture:

Description

If you choose both AES and AES-GCM ciphers, it sets the AES-CBC cipher to the first place of esp_proposals:

esp_proposals = aes128-sha256-modp2048,aes128gcm128-modp2048

which is incorrect, as AES-GCM must have a higher priority than AES-CBC

Associated revisions

Revision 6005c9f5 (diff)
Added by Viktor Gurov 2 months ago

IPsec PH2 proposals order fix. Issue #11078

History

#2 Updated by Jim Pingle 2 months ago

  • Status changed from New to Pull Request Review

#3 Updated by Renato Botelho 2 months ago

  • Assignee set to Viktor Gurov
  • Target version set to 2.5.0

#4 Updated by Renato Botelho 2 months ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

#5 Updated by Danilo Zrenjanin 2 months ago

  • Status changed from Feedback to Resolved

Tested on :

 2.5.0-DEVELOPMENT (amd64)
built on Thu Nov 26 18:59:35 EST 2020
FreeBSD 12.2-STABLE

The proposal order seems ok now:

esp_proposals = aes256gcm128-modp2048,aes256gcm96-modp2048,aes256gcm64-modp2048,aes192gcm128-modp2048,aes192gcm96-modp2048,aes192gcm64-modp2048,aes128gcm128-modp2048,aes128-sha256-modp2048

Also available in: Atom PDF