HomeFreeBSD

Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.

Description

Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.

All of these algorithms are either explicitly marked MUST NOT, or they
are implicitly MUST NOTs by virtue of not being included in IETF's
list of protocols at all despite having assignments from IANA.

Specifically, this adds warnings for the following ciphers:

  • des-cbc
  • blowfish-cbc
  • cast128-cbc
  • des-deriv
  • des-32iv
  • camellia-cbc

Warnings for the following authentication algorithms are also added:

  • hmac-md5
  • keyed-md5
  • keyed-sha1
  • hmac-ripemd160

Reviewed by: cem, gnn
MFC after: 3 days
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D20340

Details

Committed
jhbMay 23 2019, 10:06 PM
Reviewer
cem
Differential Revision
D20340: Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
Parents
rS348204: Remove yet another unused variable.
Branches
Unknown
Tags
Unknown