[Swan-commit] Changes to ref refs/heads/master
New commits: commit c6803415e3404d23c9280368da0bafa0f1042a71 Author: Tuomo Soini t...@foobar.fi Date: Mon Sep 15 18:50:48 2014 +0300 install: Fix installation of /etc/pam.d/pluto to use INSTCONFFLAGS commit 508fda0d38bd1eab05773ae188401211b5a2db1c Author: Tuomo Soini t...@foobar.fi Date: Mon Sep 15 18:48:59 2014 +0300 building: INSTMANFLAGS setting belongs to Makefile.inc ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 5ed28e521bbe1d5dd543a05510c9fb0bccf60496 Author: Paul Wouters pwout...@redhat.com Date: Mon Sep 15 12:21:06 2014 -0400 updated changes commit 2352d0cb63fa26e8987d002bdac8e12f9394841a Author: Paul Wouters pwout...@redhat.com Date: Mon Sep 15 12:06:33 2014 -0400 pluto: filter PF_KEY registrations for KLIPS and NETKEY The kernel PF_KEY interface returns the ciphers supported by the kernel. We currently use this for KLIPS and NETKEY, although for NETKEY some registrations not announced via the PF_KEY API are added manually (AES_GCM, AES_CCM, AES_CTR, etc). The kernel allows ESP_CAST with variable keysizes, and we only want to support 128bit. This patch overrides the minkeysize for CAST to be 128. The kernel also advertises ESP_BLOWFISH (with variable keysize), but its inventor Bruce Schneier has said to stop using blowfish and use twofish instead. So this registration is now ignored. Finally, the kernel advertises ESP_DES, which is simply too weak to be allowed. While we already disallowed it elsewhere in the pluto code, with this patch it is no longer registered. TODO: Check if we are running in FIPS mode, and if so, disallow ciphers not allowed while in FIPS mode (md5, twofish, serpent, ripemd160) ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 567ad59e6f9dba5e6273e31e9f29cbdf354b6a37 Author: Antony Antony ant...@phenome.org Date: Tue Sep 16 02:07:42 2014 +0300 testing: add basic-pluto-15-no-retransmit ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 04601de8bfe1273861a61a66ad4f365aa7f49406 Author: Paul Wouters pwout...@redhat.com Date: Mon Sep 15 20:19:39 2014 -0400 testing: updated reference output for ikev2-algo-08-cast and netkey-algo-cast-01 ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit f354aad79de99288358d2089f02050d229dc4e4f Author: Paul Wouters pwout...@redhat.com Date: Mon Sep 15 21:40:37 2014 -0400 testing: WIP interop-ikev2-strongswan-20-strongswan-eap ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
