ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

proposal: Remove MODP-1024 from default IKE proposal 

RFC 8247 demoted it to SHOULD NOT. This might break connections with
Windows clients unless they are configured to use a stronger group or
matching weak proposals are configured explicitly on the server.

References #2427.
This commit is contained in:
Tobias Brunner 2017-09-19 11:04:37 +02:00
parent 10da451fc3
commit 76c58498ef
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libcharon/config/proposal.c
View File

@ -973,6 +973,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* only for testing purposes */
break;
case MODP_768_BIT:
case MODP_1024_BIT:
case MODP_1536_BIT:
/* weak */
break;
case MODP_1024_160:
@ -980,7 +982,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case MODP_2048_256:
/* RFC 5114 primes are of questionable source */
break;
case MODP_1536_BIT:
case ECP_224_BIT:
case ECP_224_BP:
case ECP_192_BIT:
@ -988,7 +989,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* rarely used */
break;
case MODP_2048_BIT:
case MODP_1024_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default: