Reviewed: https://review.opendev.org/c/openstack/neutron-vpnaas/+/898830 Committed: https://opendev.org/openstack/neutron-vpnaas/commit/f6033dd2ef544e1fc8b9dcd138e51a94211e61d4 Submitter: "Zuul (22348)" Branch: master
commit f6033dd2ef544e1fc8b9dcd138e51a94211e61d4 Author: Bodo Petermann <[email protected]> Date: Wed Oct 18 13:58:44 2023 +0200 Add support for additional auth, encryption, PFS choices Encryption algorithms: add AES CCM mode and AES GCM mode variants for 128/192/256 bit keys and 8/12/16 octet ICVs. In the API that will be 9 new choices for AES CCM and 9 for AES GCM, e.g. aes-256-ccm-16 (aes-{keysize}-ccm-{icv-size}). Add encrpytion algorithms for AES CTR mode: aes-128-ctr, aes-192-ctr, aes-256-ctr. Auth algorithms: add aes-xcbc and aes-cmac. PFS: add Diffie Hellman groups 15 to 31. Closes-Bug: #1938284 Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/903971 Change-Id: I07f49d8e91f0f16ee4c97e636ab3b62a5692d70c ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1938284 Title: Missing Diffie-Hellman-Groups Status in neutron: Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: The values for the pfs (perfect forward secrecy) when creating an ike or ipsec policy are limited to the Diffie-Hellman-Groups 2,5 and 14. Strongswan as the default provider supports more than these 3 groups, e.g. group20(ecp384). To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1938284/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
