CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/04/02 03:42:55
Modified files:
sbin/iked : dh.c iked.conf.5 ikev2.h parse.y
Log message:
When curve25519 was added to iked, it was based on the internet-draft and
used a private-use group number. Switch to the group number assigned in
RFC8031 as used in other implementations.
"this is the right time" deraadt@ "I like the idea" reyk@
If you use iked<>iked and have configured curve25519 in iked.conf (this
is not the default), you can switch to another PFS group before updating
then switch back. OpenBSD 6.3+ allows multiple "ikesa" lines so the
initiator can choose which to use.
