Bug #11078: IPsec PH2 incorrect proposals order - pfSense - pfSense bugtracker

Bug #11078

IPsec PH2 incorrect proposals order

Added by Viktor Gurov 5 months ago. Updated 5 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

IPsec

Target version:

2.5.0

Start date:

11/18/2020

Due date:

% Done:

Estimated time:

Affected Version:

2.5.0

Affected Architecture:

Release Notes:

Default

Description

If you choose both AES and AES-GCM ciphers, it sets the AES-CBC cipher to the first place of esp_proposals:

esp_proposals = aes128-sha256-modp2048,aes128gcm128-modp2048

which is incorrect, as AES-GCM must have a higher priority than AES-CBC

Associated revisions

Revision 6005c9f5 (diff)
Added by Viktor Gurov 5 months ago

IPsec PH2 proposals order fix. Issue #11078

History

#1 Updated by Viktor Gurov 5 months ago

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/53

#2 Updated by Jim Pingle 5 months ago

Status changed from New to Pull Request Review

#3 Updated by Renato Botelho 5 months ago

Assignee set to Viktor Gurov
Target version set to 2.5.0

#4 Updated by Renato Botelho 5 months ago

Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

#5 Updated by Danilo Zrenjanin 5 months ago

Status changed from Feedback to Resolved

Tested on :

 2.5.0-DEVELOPMENT (amd64)
built on Thu Nov 26 18:59:35 EST 2020
FreeBSD 12.2-STABLE

The proposal order seems ok now:

esp_proposals = aes256gcm128-modp2048,aes256gcm96-modp2048,aes256gcm64-modp2048,aes192gcm128-modp2048,aes192gcm96-modp2048,aes192gcm64-modp2048,aes128gcm128-modp2048,aes128-sha256-modp2048

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries