Actions
Feature #13647
closedSupport for ChaCha20-Poly1305 encryption with IPsec
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
23.01
Release Notes:
Default
Description
Copying here so it gets into the release notes.
This requires changes to the FreeBSD source (https://cgit.freebsd.org/src/commit/?id=9f8f3a8e9ad4fbdcdfd14eb4d3977e587ab41341 ) and the PHP code
- MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/915 (2a8d2eba1e625b4d1356d325d084b004f5fad484) -- also contains changes that remove deprecated ciphers, there will be a separate redmine to note that.
- MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/923 (81c792f03b6607a1366a5bd54c5a5192a21b2cca)
Changes have already been merged and tested and are working. The latest CE and Plus snapshots can establish P1+P2 with ChaCha20-Poly1305 and pass traffic.
Related issues
Updated by Jim Pingle almost 2 years ago
- Related to Todo #13648: Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing) added
Actions