Return to 68.html CVS log | Up to [local] / www |
version 1.86, 2021/01/16 09:10:16 | version 1.87, 2021/03/15 10:18:42 | ||
---|---|---|---|
|
|
||
<ul> | <ul> | ||
<li>Added AES-GCM mode ciphers for IKEv2, configurable in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12. | <li>Added AES-GCM mode ciphers for IKEv2, configurable in <a href="https://man.openbsd.org/iked.conf">iked.conf(5)</a> with the new "ikesa enc" options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12. | ||
<li>Enabled AES-GCM ciphers by default for IKE and Child SAs resulting in considerable performance improvements with hardware acceleration support. | <li>Enabled AES-GCM ciphers by default for IKE and Child SAs resulting in considerable performance improvements with hardware acceleration support. | ||
<li>Enabled SHA2_384 and SHA2_512 by default for improved compatibilty. | <li>Enabled SHA2_384 and SHA2_512 by default for improved compatibility. | ||
<li>Added the new <a href="https://man.openbsd.org/iked">iked(8)</a> configuration option "set enforcesingleikesa" to limit the number of connections for each peer. | <li>Added the new <a href="https://man.openbsd.org/iked">iked(8)</a> configuration option "set enforcesingleikesa" to limit the number of connections for each peer. | ||
<li>Added optional <a href="https://man.openbsd.org/iked">iked(8)</a> time-stamp validation for OCSP. | <li>Added optional <a href="https://man.openbsd.org/iked">iked(8)</a> time-stamp validation for OCSP. | ||
<li>Added a 30 second timeout for OCSP requests in <a href="https://man.openbsd.org/iked">iked(8)</a>. | <li>Added a 30 second timeout for OCSP requests in <a href="https://man.openbsd.org/iked">iked(8)</a>. |