On Wed, 29 Jul 2020, Jorge Sevillanos wrote:
I've receivedĀ a notification that version 3.27 has vulnerabilities and the solution is to update to version 3.32 or apply the patches.
Indeed.
Problems with upgrading to version 3.32 is that in ikev1 configurations, some ciphers and DH groups have been deprecated. Is there somethingĀ I can do to upgrade from 3.27 to 3.32 and use the RCF4109 which is the standard that updated de RFC2409.
Some where only no longer placed in defaults, but you can still add them using an ike= and esp= line. The only thing that got disabled was DH2. If you _really_ want it back, recompile with USE_DH2=yes set in ~/libreswan/Makefile.inc.local But anything that supports DH2, supports DH5, so it is better to upgrade your configurations. DH2 can be broken with university budgets. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
