Bug #11078
IPsec PH2 incorrect proposals order
Start date:
11/18/2020
Due date:
% Done:
0%
Estimated time:
Affected Version:
2.5.0
Affected Architecture:
Description
If you choose both AES and AES-GCM ciphers, it sets the AES-CBC cipher to the first place of esp_proposals:
esp_proposals = aes128-sha256-modp2048,aes128gcm128-modp2048
which is incorrect, as AES-GCM must have a higher priority than AES-CBC
Associated revisions
History
#2
Updated by Jim Pingle 2 months ago
- Status changed from New to Pull Request Review
#3
Updated by Renato Botelho 2 months ago
- Assignee set to Viktor Gurov
- Target version set to 2.5.0
#4
Updated by Renato Botelho 2 months ago
- Status changed from Pull Request Review to Feedback
PR has been merged. Thanks!
#5
Updated by Danilo Zrenjanin 2 months ago
- Status changed from Feedback to Resolved
Tested on :
2.5.0-DEVELOPMENT (amd64) built on Thu Nov 26 18:59:35 EST 2020 FreeBSD 12.2-STABLE
The proposal order seems ok now:
esp_proposals = aes256gcm128-modp2048,aes256gcm96-modp2048,aes256gcm64-modp2048,aes192gcm128-modp2048,aes192gcm96-modp2048,aes192gcm64-modp2048,aes128gcm128-modp2048,aes128-sha256-modp2048
IPsec PH2 proposals order fix. Issue #11078