diff options
author | tobhe <tobhe@cvs.openbsd.org> | 2021-03-15 22:29:18 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2021-03-15 22:29:18 +0000 |
commit | 6739b89b52a16895e7970ab84a1052db9ff36110 (patch) | |
tree | 0e1a16de21c6db01c4b8723606fbf5859c906038 /sbin/init | |
parent | 8d01540547773a58e55ce3e3740e9758c85e4e32 (diff) |
Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in group
'none' (disabling PFS). Fixes a bug when the initiator sends a KE
payload but the negotiation results in DH group "none".
For other DH group mismatches we send an INVALID_KE notify, for 'none'
we can just ignore the KE payload.
ok patrick@
Diffstat (limited to 'sbin/init')
0 files changed, 0 insertions, 0 deletions