author | Stuart Henderson <sthen@cvs.openbsd.org> | 2019-04-02 09:42:56 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2019-04-02 09:42:56 +0000 |
commit | 16dc8a8183fef26d9c937eebae652e213904f920 (patch) | |
tree | 663cc5d8c54c20fe0bef7629c96392b3a3f26f8a /sbin/iked/ikev2.h | |
parent | 1af1b4fd78b00587889f7bd576e226715f2665f5 (diff) |
When curve25519 was added to iked, it was based on the internet-draft and
used a private-use group number. Switch to the group number assigned in
RFC8031 as used in other implementations.
"this is the right time" deraadt@ "I like the idea" reyk@
If you use iked<>iked and have configured curve25519 in iked.conf (this
is not the default), you can switch to another PFS group before updating
then switch back. OpenBSD 6.3+ allows multiple "ikesa" lines so the
initiator can choose which to use.
Diffstat (limited to 'sbin/iked/ikev2.h')
-rw-r--r-- | sbin/iked/ikev2.h | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h
index 2b4bead5d42..7d3f8fdd4d0 100644
--- a/sbin/iked/ikev2.h
+++ b/sbin/iked/ikev2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.h,v 1.28 2019/02/27 06:33:57 sthen Exp $ */
+/* $OpenBSD: ikev2.h,v 1.29 2019/04/02 09:42:55 sthen Exp $ */
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -231,16 +231,16 @@ extern struct iked_constmap ikev2_xformauth_map[];
 #define IKEV2_XFORMDH_MODP_4096 16 /* DH Group 16 */
 #define IKEV2_XFORMDH_MODP_6144 17 /* DH Group 17 */
 #define IKEV2_XFORMDH_MODP_8192 18 /* DH Group 18 */
-#define IKEV2_XFORMDH_ECP_256 19 /* DH Group 19 */
-#define IKEV2_XFORMDH_ECP_384 20 /* DH Group 20 */
-#define IKEV2_XFORMDH_ECP_521 21 /* DH Group 21 */
-#define IKEV2_XFORMDH_ECP_192 25 /* DH Group 25 */
-#define IKEV2_XFORMDH_ECP_224 26 /* DH Group 26 */
-#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* DH Group 27 */
-#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28 /* DH Group 28 */
-#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29 /* DH Group 29 */
-#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30 /* DH Group 30 */
-#define IKEV2_XFORMDH_X_CURVE25519 1034 /* draft-ietf-ipsecme-safecurves-00 */
+#define IKEV2_XFORMDH_ECP_256 19 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_384 20 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_521 21 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_192 25 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_224 26 /* RFC5114 */
+#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28 /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29 /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30 /* RFC6954 */
+#define IKEV2_XFORMDH_CURVE25519 31 /* RFC8031 */
 extern struct iked_constmap ikev2_xformdh_map[]; |
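Review bot: The new comments on IKEV2_XFORMDH_ECP_256, IKEV2_XFORMDH_ECP_384 and IKEV2_XFORMDH_ECP_521 in the second hunk cite RFC5114, but the IANA IKEv2 Diffie-Hellman group registry lists RFC 5903 as the reference for groups 19-21; RFC 5114 is the registry reference for groups 25 and 26. Since these comments now exist to let a reader trace each negotiated group number back to its defining document, those three lines would be more accurate as `#define IKEV2_XFORMDH_ECP_256 19 /* RFC5903 */`, and likewise for 20 and 21. The MODP entries kept as context still use the older "DH Group N" comment form, so the list now mixes two comment conventions. The macro list begins and ends outside the hunk, and any users of the renamed IKEV2_XFORMDH_X_CURVE25519 macro are not visible in this file-limited diff.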