
yahoo-eng-team team mailing list archive

[Bug 1938284] Re: Missing Diffie-Hellman-Groups

 

Reviewed:  https://review.opendev.org/c/openstack/neutron-vpnaas/+/898830
Committed: https://opendev.org/openstack/neutron-vpnaas/commit/f6033dd2ef544e1fc8b9dcd138e51a94211e61d4
Submitter: "Zuul (22348)"
Branch:    master

commit f6033dd2ef544e1fc8b9dcd138e51a94211e61d4
Author: Bodo Petermann <b.petermann@xxxxxxxxxxxx>
Date:   Wed Oct 18 13:58:44 2023 +0200

    Add support for additional auth, encryption, PFS choices
    
    Encryption algorithms: add AES CCM mode and AES GCM mode variants
    for 128/192/256 bit keys and 8/12/16 octet ICVs.
    In the API that will be 9 new choices for AES CCM and 9 for AES GCM,
    e.g. aes-256-ccm-16 (aes-{keysize}-ccm-{icv-size}).
    Add encryption algorithms for AES CTR mode: aes-128-ctr, aes-192-ctr,
    aes-256-ctr.
    Auth algorithms: add aes-xcbc and aes-cmac.
    PFS: add Diffie Hellman groups 15 to 31.
    
    Closes-Bug: #1938284
    Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/903971
    Change-Id: I07f49d8e91f0f16ee4c97e636ab3b62a5692d70c


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1938284

Title:
  Missing Diffie-Hellman-Groups

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  The values for the pfs (perfect forward secrecy) when creating an IKE
  or IPsec policy are limited to the Diffie-Hellman-Groups 2, 5 and 14.

  Strongswan as the default provider supports more than these 3 groups,
  e.g. group20(ecp384).

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1938284/+subscriptions


