authorChristian Weisgerber <naddy@cvs.openbsd.org>2015-12-09 21:41:51 +0000
committerChristian Weisgerber <naddy@cvs.openbsd.org>2015-12-09 21:41:51 +0000
commit269c53634d852828f364f2ab5d2c0c602014d455 (patch)
tree65177662c39722e3ec8d8a560bfb037d2d35dcee /sbin/isakmpd/pf_key_v2.c
parentc1d2897d759ec008f27fea1f8e5c398a6562b3e4 (diff)
Remove plain DES encryption from IPsec.
DES is insecure since brute force attacks are practical due to its short key length. This removes support for DES-CBC encryption in ESP and in IKE main and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8). ok mikeb@
Diffstat (limited to 'sbin/isakmpd/pf_key_v2.c')
-rw-r--r--sbin/isakmpd/pf_key_v2.c8
1 files changed, 1 insertions, 7 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index af3314d7fe8..22d865c0f22 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.195 2015/08/20 22:02:21 deraadt Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.196 2015/12/09 21:41:50 naddy Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -901,12 +901,6 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
hashlen = ipsec_esp_authkeylength(proto);
switch (proto->id) {
- case IPSEC_ESP_DES:
- case IPSEC_ESP_DES_IV32:
- case IPSEC_ESP_DES_IV64:
- ssa.sadb_sa_encrypt = SADB_EALG_DESCBC;
- break;
-
case IPSEC_ESP_3DES:
ssa.sadb_sa_encrypt = SADB_EALG_3DESCBC;
break;