yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1938284] Re: Missing Diffie-Hellman-Groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <1938284@xxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Jul 2023 21:22:31 -0000
Reply-to: Bug 1938284 <1938284@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Note that you've changed the information type of this bug to Public
Security, indicating it represents a possible security vulnerability.
Since the OpenStack Vulnerability Management Team (VMT) does not
officially oversee[*] the neutron-vpnaas deliverable, I'm adding a
security advisory task with a Won't Fix status to indicate we're not
tracking this for any future advisory publication.

[*] https://security.openstack.org/repos-overseen.html

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1938284

Title:
  Missing Diffie-Hellman-Groups

Status in neutron:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  The values for the pfs (perfect forward secrecy) when creating an ike
  or ipsec policy are limited to the Diffie-Hellman-Groups 2,5 and 14.

  Strongswan as the default provider supports more than these 3 groups,
  e.g. group20(ecp384).

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1938284/+subscriptions

References

[Bug 1938284] [NEW] Missing Diffie-Hellman-Groups
From: Maxim Korezkij, 2021-07-28