Public bug reported:

When adding sha384 and sha512 auth algorithms for vendor drivers (bug #1638152), the commit message said "Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't support" sha384 and sha512 as auth algorithms. However, after some research, all the *Swan drivers do support these two algorithms. So it is better to enable sha384/sha512 with *Swan drivers for security improvements.

- For StrongSwan, wiki pages back in Mid 2014: [1][2].
- For LibreSwan, wiki page back in May 2016: [3].
- For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]

[1]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites/16#Integrity-Algorithms
[2]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites/35#Integrity-Algorithms
[3]. https://libreswan.org/wiki/index.php?title=FAQ&oldid=20707#Which_ciphers_.2F_algorithms_does_libreswan_support.3F
[4]. https://github.com/xelerance/Openswan/blob/master/lib/libopenswan/alg_info.c

** Affects: neutron
   Importance: Undecided
   Assignee: Hunt Xu (huntxu)
   Status: New

** Tags: vpnaas

** Description changed:

  When adding sha384 and sha512 auth algorithms for vendor drivers(bug #1638152), the commit message said "Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't support" sha384 and sha512 as auth algorithms. However, after some research, all the *Swan drivers do support these two algorithms. So it is better to enable sha384/sha512 with *Swan drivers for security improvements.

- For StrongSwan, wiki pages back in Mid 2014: [1][2].
- For LibreSwan, wiki page back in May 2016: [3].
- For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]
+ - For StrongSwan, wiki pages back in Mid 2014: [1][2].
+ - For LibreSwan, wiki page back in May 2016: [3].
+ - For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]

  [1]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites/16#Integrity-Algorithms
  [2]. https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites/35#Integrity-Algorithms
  [3]. https://libreswan.org/wiki/index.php?title=FAQ&oldid=20707#Which_ciphers_.2F_algorithms_does_libreswan_support.3F
  [4]. https://github.com/xelerance/Openswan/blob/master/lib/libopenswan/alg_info.c

--
https://bugs.launchpad.net/bugs/1747654

Title:
  [RFE] VPNaaS: enable sha384/sha512 auth algorithms for *Swan drivers

Status in neutron:
  New

