HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS360557

Remove support for IPsec algorithms deprecated in r348205 and r360202.
rS360557
Actions

Description

Remove support for IPsec algorithms deprecated in r348205 and r360202.

Examples of depecrated algorithms in manual pages and sample configs
are updated where relevant. I removed the one example of combining
ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this
combination is NOT RECOMMENDED.

Specifically, this removes support for the following ciphers:

  • des-cbc
  • 3des-cbc
  • blowfish-cbc
  • cast128-cbc
  • des-deriv
  • des-32iv
  • camellia-cbc

This also removes support for the following authentication algorithms:

  • hmac-md5
  • keyed-md5
  • keyed-sha1
  • hmac-ripemd160

Reviewed by: cem, gnn (older verisons)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24342

Details

Provenance
jhbAuthored on
Reviewer
cem
Differential Revision
D24342: Remove support for IPsec algorithms deprecated in r348205 and r360202.
Parents
rS360556: MFC: r360032
Branches
Unknown
Tags
Unknown

Changes (11)

PathSize
head/
lib/
libipsec/
sbin/
setkey/
sys/
netipsec/
usr.bin/
netstat/

rS360557

View Options

head/lib/libipsec/pfkey_dump.c

Loading...
View Options

head/sbin/setkey/sample.cf

Loading...
View Options

head/sbin/setkey/setkey.8

Loading...
View Options

head/sbin/setkey/test-pfkey.c

Loading...
View Options

head/sbin/setkey/token.l

Loading...
View Options

head/sys/netipsec/ipsec.c

Loading...
View Options

head/sys/netipsec/ipsec.h

Loading...
View Options

head/sys/netipsec/key.c

Loading...
View Options

head/sys/netipsec/xform_ah.c

Loading...
View Options

head/sys/netipsec/xform_esp.c

Loading...
View Options

head/usr.bin/netstat/ipsec.c

Loading...