www/68.html - diff

Return to 68.html CVS log

Up to [local] / www

Diff for /www/68.html between version 1.37 and 1.38

version 1.37, 2020/10/04 17:14:09

version 1.38, 2020/10/04 19:13:46

Line 386

<ul>

<li>Fixed an <a href="https://man.openbsd.org/iked">iked(8)</a> policy lookup edge case for simultaneous transport and tunnel mode SAs.

<li>Added AES-GCM mode ciphers for IKEv2, configurable in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.

<li>Added AES-GCM ciphers to the default proposals for IKE and Child SAs resulting in considerable performance improvements with hardware acceleration support.

<li>Fixed <a href="https://man.openbsd.org/iked">iked(8)</a> public key authentication interoperability with *swan and other IKEv2 implementations by making CERT and CERTREQ payloads optional.

<li>Prioritized incoming certificate requests by the order of CERTEQ payloads in the received message in <a href="https://man.openbsd.org/iked">iked(8)</a>.

<li>Added optional <a href="https://man.openbsd.org/iked">iked(8)</a> time-stamp validation for OCSP.