On 2 December 2015 at 23:36, Christian Weisgerber <na...@mips.inka.de> wrote: > Quoth ipsec.conf(5): > Use of DES as an encryption algorithm is considered to be insecure since > brute force attacks are practical due its short key length. > > The attached patch removes support for DES-CBC encryption in ESP > and in IKE main and quick mode from the kernel, iked(8), ipsecctl(8), > and isakmpd(8). > > Note this is plain DES, *not* 3DES. > > RFC2409 (November 1998) says that DES support is a "MUST" for IKEv1, > but I think we _must_ ignore this. > > > Next I intend to remove DES from the kernel crypto framework. > >
Hi, I thought I've OK'ed this diff, but looks like I didn't. OK mikeb
