remove IPsec SKIPJACK support...

John-Mark Gurney jmg at funkthat.com
Wed Jul 29 16:11:06 UTC 2015


George Neville-Neil wrote this message on Wed, Jul 29, 2015 at 10:35 -0400:
> That's fine so long as its removed in HEAD now, and then the warning can 
> go into 10 aka 10.3.

As I said, setkey doesn't support it.. and I looked at the ports for
racoon2 and strongswan (has it in their library, but, and neither support it...  Are there any other
programs (besides custom software) that can do secdb manipulations that
could possibly create a skipjack sdb entry?

If not, putting warning into 9 and 10 seems excessive for a feature that
people can't even use...

> On 28 Jul 2015, at 13:25, Adrian Chadd wrote:
> 
> > I'd put together a deprecation plan, which starts with the kernel
> > warning that this stuff is being removed, MFC that to stable/10 and
> > stable/9 so people aren't surprised when they upgrade, and then have
> > it removed in 11.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the freebsd-security mailing list