Return to 68.html CVS log | Up to [local] / www |
version 1.37, 2020/10/04 17:14:09 | version 1.38, 2020/10/04 19:13:46 | ||
---|---|---|---|
|
|
||
<ul> | <ul> | ||
<li>Fixed an <a href="https://man.openbsd.org/iked">iked(8)</a> policy lookup edge case for simultaneous transport and tunnel mode SAs. | <li>Fixed an <a href="https://man.openbsd.org/iked">iked(8)</a> policy lookup edge case for simultaneous transport and tunnel mode SAs. | ||
<li>Added AES-GCM mode ciphers for IKEv2, configurable in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12. | <li>Added AES-GCM mode ciphers for IKEv2, configurable in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12. | ||
<li>Added AES-GCM ciphers to the default proposals for IKE and Child SAs resulting in considerable performance improvements with hardware acceleration support. | |||
<li>Fixed <a href="https://man.openbsd.org/iked">iked(8)</a> public key authentication interoperability with *swan and other IKEv2 implementations by making CERT and CERTREQ payloads optional. | <li>Fixed <a href="https://man.openbsd.org/iked">iked(8)</a> public key authentication interoperability with *swan and other IKEv2 implementations by making CERT and CERTREQ payloads optional. | ||
<li>Prioritized incoming certificate requests by the order of CERTEQ payloads in the received message in <a href="https://man.openbsd.org/iked">iked(8)</a>. | <li>Prioritized incoming certificate requests by the order of CERTEQ payloads in the received message in <a href="https://man.openbsd.org/iked">iked(8)</a>. | ||
<li>Added optional <a href="https://man.openbsd.org/iked">iked(8)</a> time-stamp validation for OCSP. | <li>Added optional <a href="https://man.openbsd.org/iked">iked(8)</a> time-stamp validation for OCSP. |