Re: what's wrong with ipsec ?
from 47.html Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility with the HMAC-SHA-256/384/512 hash algorithms with previous versions of OpenBSD and other IPsec implementations sharing the bugs.
Re: what's wrong with ipsec ?
On Tue, 1 Jun 2010 15:14:58 +0100 Sevan / Venture37 ventur...@gmail.com wrote: from 47.html Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility with the HMAC-SHA-256/384/512 hash algorithms with previous versions of OpenBSD and other IPsec implementations sharing the bugs. :-) ok, i see. now, what are we expected to do? it could be difficult to change systems on remote end... -- With best regards, Gregory Edigarov
Re: what's wrong with ipsec ?
On Tue, 1 Jun 2010 17:44:41 +0300 Gregory Edigarov g...@bestnet.kharkov.ua wrote: On Tue, 1 Jun 2010 15:14:58 +0100 Sevan / Venture37 ventur...@gmail.com wrote: from 47.html Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility with the HMAC-SHA-256/384/512 hash algorithms with previous versions of OpenBSD and other IPsec implementations sharing the bugs. :-) ok, i see. now, what are we expected to do? it could be difficult to change systems on remote end... http://www.openbsd.org/faq/upgrade47.html#hmac-sha2 Upgrade both sides together, or switch to another authentication algorithm during the transition.