← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1747654] Re: VPNaaS: enable sha384/sha512 auth algorithms for *Swan drivers

 

Reviewed:  https://review.openstack.org/541250
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=03b6cc81876df2423c17532b8f2e0ef2bbb6a84b
Submitter: Zuul
Branch:    master

commit 03b6cc81876df2423c17532b8f2e0ef2bbb6a84b
Author: Hunt Xu <mhuntxu@xxxxxxxxx>
Date:   Tue Feb 6 18:21:21 2018 +0800

    Enable sha384/sha512 auth algorithms for *Swan drivers
    
    Closes-Bug: #1747654
    Change-Id: I84d3ac6379bc0b6d483b557f38f3a462f0f1f1bf


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1747654

Title:
  VPNaaS: enable sha384/sha512 auth algorithms for  *Swan drivers

Status in neutron:
  Fix Released

Bug description:
  When adding sha384 and sha512 auth algorithms for vendor drivers(bug
  #1638152), the commit message said "Openswan, Strongswan, Libreswan
  and Cisco CSR driver doesn't support" sha384 and sha512 as auth
  algorithms. However, after some research, all the *Swan drivers do
  support these two algorithms. So it is better to enable sha384/sha512
  with *Swan drivers for security improvements.

  - For StrongSwan, wiki pages back in Mid 2014: [1][2].
  - For LibreSwan, wiki page back in May 2016: [3].
  - For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]

  [1]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites/16#Integrity-Algorithms
  [2]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites/35#Integrity-Algorithms
  [3]. https://libreswan.org/wiki/index.php?title=FAQ&oldid=20707#Which_ciphers_.2F_algorithms_does_libreswan_support.3F
  [4]. https://github.com/xelerance/Openswan/blob/master/lib/libopenswan/alg_info.c

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1747654/+subscriptions


References