diff options
| author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2015-05-25 19:29:37 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2015-05-25 19:29:37 +0000 |
| commit | f9069816748b41586c69739e20f7ff7dcdf1a40f (patch) | |
| tree | 9cd53b6a7833bb75e268c8f1127e8815df92315b | |
| parent | a92c89fbc30f163a4faaed85fefcc24d75cd7341 (diff) | |
bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@
| -rw-r--r-- | sbin/ipsecctl/ike.c | 6 | ||||
| -rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c index f638d987cdd..f4638c612bb 100644 --- a/sbin/ipsecctl/ike.c +++ b/sbin/ipsecctl/ike.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike.c,v 1.79 2015/01/16 06:39:58 deraadt Exp $ */ +/* $OpenBSD: ike.c,v 1.80 2015/05/25 19:29:36 naddy Exp $ */ /* * Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -362,7 +362,7 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd) return (-1); } } else - group_desc = "MODP_1024"; + group_desc = "MODP_3072"; /* the transform name must not include "," */ if (key_length && (p = strchr(key_length, ',')) != NULL) @@ -531,7 +531,7 @@ ike_section_p1(struct ipsec_rule *r, FILE *fd) return (-1); }; } else - group_desc = "MODP_1024"; + group_desc = "MODP_3072"; switch (r->ikeauth->type) { case IKE_AUTH_PSK: diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 2abe006b040..abb80f1c6bc 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.148 2015/02/28 21:51:57 bentley Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.149 2015/05/25 19:29:36 naddy Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 28 2015 $ +.Dd $Mdocdate: May 25 2015 $ .Dt IPSEC.CONF 5 .Os .Sh NAME @@ -345,7 +345,7 @@ will use the default values .Ar main , .Ar hmac-sha1 , .Ar aes , -.Ar modp1024 , +.Ar modp3072 , and .Ar 3600 . .It Xo |