Hi,

if you refer to the recent SSL protocol vulnerability
http://www.phonefactor.com/sslgap/
the answer is clearly *no*, since the Internet Key Exchange (IKE) protocol is not based in any way on the SSL/TLS handshake protocol.

We have some plans though to support EAP-TLS authentication in the future, which would require the use of TLS within an IKE negotiation, but first, we haven't started this development yet, and second, the EAP-TLS exchange will be protected by the encrypted IKEv2 session, which in turn is authenticated by a gateway certificate. Only EAP-only authentication as proposed by
http://tools.ietf.org/html/draft-eronen-ipsec-ikev2-eap-auth-07
could be potentially vulnerable.

Best regards

Andreas

[email protected] wrote:
> Hi,
>
> Perhaps completely off-topic,
> Does the warning about a ssl-protocol bug have any implications for
> strongswan?
> They mention that all ssl-libs must be rebuilt.
> As swan uses ssl-certificates, are we affected as well?
>
> hw
>
> Defensie/CDC/IVENT/Research en Innovation Centrum
> Ing J. (Hans) Witvliet Systeembeheer, CAcert-assurer
> T 0174-539053
> mailto:[email protected]
> Coldenhovelaan 1, 3155RC Maasland, kamer A109
>

======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
