CVS: cvs.openbsd.org: src

[Christian Weisgerber]

CVSROOT:        /cvs
Module name:    src
Changes by:     na...@cvs.openbsd.org   2015/12/09 14:41:50

Modified files:
        sbin/iked      : iked.conf.5 parse.y pfkey.c 
        sbin/ipsecctl  : ike.c ipsec.conf.5 ipsecctl.h parse.y pfkdump.c 
                         pfkey.c 
        sbin/isakmpd   : conf.c crypto.c ipsec.c isakmpd.conf.5 
                         pf_key_v2.c sa.c 
        sys/net        : pfkeyv2.c pfkeyv2.h pfkeyv2_convert.c 
        sys/netinet    : ip_esp.c 

Log message:
Remove plain DES encryption from IPsec.

DES is insecure since brute force attacks are practical due to its
short key length.

This removes support for DES-CBC encryption in ESP and in IKE main
and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).

ok mikeb@