svn commit: r348205 - head/sys/netipsec
John Baldwin
jhb at FreeBSD.org
Thu May 23 22:10:44 UTC 2019
On 5/23/19 3:06 PM, John Baldwin wrote:
> Author: jhb
> Date: Thu May 23 22:06:57 2019
> New Revision: 348205
> URL: https://svnweb.freebsd.org/changeset/base/348205
>
> Log:
> Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
>
> All of these algorithms are either explicitly marked MUST NOT, or they
> are implicitly MUST NOTs by virtue of not being included in IETF's
> list of protocols at all despite having assignments from IANA.
>
> Specifically, this adds warnings for the following ciphers:
> - des-cbc
> - blowfish-cbc
> - cast128-cbc
> - des-deriv
> - des-32iv
> - camellia-cbc
>
> Warnings for the following authentication algorithms are also added:
> - hmac-md5
> - keyed-md5
> - keyed-sha1
> - hmac-ripemd160
>
> Reviewed by: cem, gnn
> MFC after: 3 days
> Sponsored by: Chelsio Communications
> Differential Revision: https://reviews.freebsd.org/D20340
The quick turnaround time is so that these warnings can be MFC'd. I will wait a
while to see how that fairs before pulling the plug on removing actual functionality
in head.
--
John Baldwin
More information about the svn-src-all
mailing list