Project

General

Profile

Actions
Copy link

Bug #14841

closed

IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS

Added by Jim Pingle almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
High
Assignee:
Jim Pingle
Category:
IPsec Profile Wizard
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Since the change to OpenSSL 3.0 on development snapshots, IPsec Profiles exported for Apple cannot be read.

Similar to #13255 and #13257, the PKCS#12 export in the IPsec Profile package code ends up using the system default encryption, which on OpenSSL 3.0 is too strong for macOS/iOS to read. It needs to use the "low" encryption setting (3DES+SHA1).

The IPsec Profile package code can also be changed to use the system cert_pkcs12_export() function rather than using custom code.

To me, I have a fix ready.

Actions
Copy link
 #1

Updated by Jim Pingle almost 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #2

Updated by Danilo Zrenjanin almost 2 years ago

  • Status changed from Feedback to Resolved

Tested against:

ipsec-profile-wizard    net    1.2

I successfully imported the configuration into macOS Sonoma version 14.0, and the VPN connection was established.

I am marking this case as resolved.

Actions
Copy link

Also available in: Atom PDF