Remove MODP groups from default ESP proposal
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f
preserved the default of pfs=yes.
This commit is contained in:
parent
bca34c3717
commit
e74f184cb4
|
@ -36,7 +36,7 @@
|
|||
#define SA_REPLACEMENT_RETRIES_DEFAULT 3
|
||||
|
||||
static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
|
||||
static const char esp_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
|
||||
static const char esp_defaults[] = "aes128-sha1,3des-sha1";
|
||||
|
||||
static const char firewall_defaults[] = "ipsec _updown iptables";
|
||||
|
||||
|
|
Loading…
Reference in New Issue