General

Profile

Dim Hatz

  • Registered on: 09/19/2011
  • Last connection: 01/31/2014

Issues

Activity

01/31/2014

09:52 AM pfSense Bug #1629: invalid state table entries after WAN IP change
It seems that in recent weeks there have been several related commits in 10-STABLE, e.g.
http://lists.freebsd.org/...

07/14/2013

03:15 PM pfSense Revision ab17ed4e: support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "EC...

07/01/2013

08:16 PM pfSense Revision 9e5ae41a: support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "EC...

03/11/2013

07:20 PM pfSense Feature #2849: IKEv2 support for IPsec
Another option for IKEv2 would be the portable version of OpenBSD's OpenIKED
https://github.com/reyk/openiked
-...

02/15/2013

01:37 PM pfSense Bug #1629: invalid state table entries after WAN IP change
To followup my previous post, I have verified that the WAN (em0) states are indeed flushed, however their correspondi...

02/13/2013

05:32 PM pfSense Bug #1629: invalid state table entries after WAN IP change
Ermal, testing this feature on a pfsense box with a WAN interface that gets via DHCP an IP in a /24 subnet (i.e. it's...

01/24/2013

02:49 PM pfSense Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
Bipin, if you've identified that Unisphere BRAS is used by all the ISPs you've tried and had problems with, then perh...

01/20/2013

09:22 PM pfSense Feature #2765: Allow generation an x509 certificates with an SHA256 signature hash
Based on some searching I did earlier, it seems that the only ones suitable are:
sha1 (with the above mentioned re...
08:03 PM pfSense Feature #2765: Allow generation an x509 certificates with an SHA256 signature hash
Just quick update:
1) The relevant keyword in openssl.cnf is default_md = sha256 # (md5/sha512/etc)
2) For openss...
07:09 PM pfSense Feature #2765 (Resolved): Allow generation an x509 certificates with an SHA256 signature hash
Apparently pfsense's Cert Manager has hard-coded the use of SHA-1 for all PKI operations ("digest_alg" => "sha1" in /...

Also available in: Atom