
yahoo-eng-team team mailing list archive

[Bug 1747654] [NEW] [RFE] VPNaaS: enable sha384/sha512 auth algorithms for *Swan drivers

 

Public bug reported:

When adding sha384 and sha512 auth algorithms for vendor drivers (bug
#1638152), the commit message said "Openswan, Strongswan, Libreswan and
Cisco CSR driver doesn't support" sha384 and sha512 as auth algorithms.
However, after some research, all the *Swan drivers do support these two
algorithms. So it is better to enable sha384/sha512 with *Swan drivers
for security improvements.

- For StrongSwan, wiki pages back in mid-2014: [1][2].
- For LibreSwan, wiki page back in May 2016: [3].
- For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4].

[1]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites/16#Integrity-Algorithms
[2]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites/35#Integrity-Algorithms
[3]. https://libreswan.org/wiki/index.php?title=FAQ&oldid=20707#Which_ciphers_.2F_algorithms_does_libreswan_support.3F
[4]. https://github.com/xelerance/Openswan/blob/master/lib/libopenswan/alg_info.c

** Affects: neutron
     Importance: Undecided
     Assignee: Hunt Xu (huntxu)
         Status: New


** Tags: vpnaas

** Description changed:

  When adding sha384 and sha512 auth algorithms for vendor drivers(bug
  #1638152), the commit message said "Openswan, Strongswan, Libreswan and
  Cisco CSR driver doesn't support" sha384 and sha512 as auth algorithms.
  However, after some research, all the *Swan drivers do support these two
  algorithms. So it is better to enable sha384/sha512 with *Swan drivers
  for security improvements.
  
- For StrongSwan, wiki pages back in Mid 2014: [1][2].
- For LibreSwan, wiki page back in May 2016: [3].
- For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]
+ - For StrongSwan, wiki pages back in Mid 2014: [1][2].
+ - For LibreSwan, wiki page back in May 2016: [3].
+ - For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]
  
  [1]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites/16#Integrity-Algorithms
  [2]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites/35#Integrity-Algorithms
  [3]. https://libreswan.org/wiki/index.php?title=FAQ&oldid=20707#Which_ciphers_.2F_algorithms_does_libreswan_support.3F
  [4]. https://github.com/xelerance/Openswan/blob/master/lib/libopenswan/alg_info.c

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1747654
