author Mike Belopuhov <mikeb@cvs.openbsd.org> 2012-07-13 15:16:19 +0000
committer Mike Belopuhov <mikeb@cvs.openbsd.org> 2012-07-13 15:16:19 +0000
commit d7bd49c8c13df8bd89e576e3645a9cf664118443
tree 94cd02eeae24a00fbc93dd2e2d4e53f8ea4727e6 /sbin/isakmpd
parent 62e6cd318955abfa5f563dfd7e12d71ff3b9cb62
Support additional MODP DH groups in the Phase 1 and Phase 2.
lteo@ noticed that ipsecctl allowed them within the ike rules while isakmpd failed to load the generated configuration. The fix was verified by hshoexer, ok naddy
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- sbin/isakmpd/conf.c 7
-rw-r--r-- sbin/isakmpd/isakmpd.policy.5 7
2 files changed, 8 insertions, 6 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 71ae01641ae..bf1a55abc49 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.100 2012/06/30 14:51:31 naddy Exp $ */
+/* $OpenBSD: conf.c,v 1.101 2012/07/13 15:16:18 mikeb Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -482,9 +482,10 @@ conf_load_defaults(int tr)
char *mm_enc_p[] = {"DES", "BLF", "3DES", "CAST", "AES", "AES-128",
"AES-192", "AES-256", 0};
char *dhgroup[] = {"MODP_1024", "MODP_768", "MODP_1024",
- "MODP_1536", "MODP_2048", "MODP_3072", 0};
+ "MODP_1536", "MODP_2048", "MODP_3072", "MODP_4096",
+ "MODP_6144", "MODP_8192", 0};
char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
- "-GRP15", 0};
+ "-GRP15", "-GRP16", "-GRP17", "-GRP18", 0};
char *qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES",
"AES", "AES", "AES", "AES_CTR", "AES_CTR", "AES_CTR",
"AES_CTR", "AES_GCM_16",
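Review bot: dhgroup[] and dhgroup_p[] in conf_load_defaults() are paired purely by index, so the three new names and the three new suffixes only line up because both arrays now hold exactly nine entries before the terminating 0. The counts match in this hunk ("-GRP16", "-GRP17", "-GRP18" land on MODP_4096, MODP_6144, MODP_8192), but nothing enforces it; a comment above the two arrays saying they must stay in step, or a single array of name/suffix pairs, would keep the next addition from silently mapping a suffix to the wrong group. Worth stating in the commit message as well that the empty-suffix entry still maps to MODP_1024 and "-GRP1" still maps to MODP_768, so the larger groups apply only where a suffix names them.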
diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5
index 1c3627a1dc8..915ee6d7861 100644
--- a/sbin/isakmpd/isakmpd.policy.5
+++ b/sbin/isakmpd/isakmpd.policy.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.policy.5,v 1.45 2011/09/29 17:57:09 jmc Exp $
+.\" $OpenBSD: isakmpd.policy.5,v 1.46 2012/07/13 15:16:18 mikeb Exp $
.\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $
.\"
.\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved.
@@ -26,7 +26,7 @@
.\"
.\" Manual page, using -mandoc macros
.\"
-.Dd $Mdocdate: September 29 2011 $
+.Dd $Mdocdate: July 13 2012 $
.Dt ISAKMPD.POLICY 5
.Os
.Sh NAME
@@ -311,7 +311,8 @@ above).
If more than one of these attributes are set to a value other
than zero, they should have the same value (in valid IKE proposals).
Valid values are 1 (768-bit MODP), 2 (1024-bit MODP), 3 (155-bit EC),
-4 (185-bit EC), and 5 (1536-bit MODP).
+4 (185-bit EC), 5 (1536-bit MODP), 14 (2048-bit MODP), 15 (3072-bit MODP),
+16 (4096-bit MODP), 17 (6144-bit MODP), and 18 (8192-bit MODP).
.It ah_hash_alg
One of
.Va md5 ,
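Review bot: the "Valid values are" sentence now carries ten group numbers as a run-in list spread over three lines, which is hard to scan and easy to let drift from the dhgroup[] table in conf.c. A tagged list with one group per item would read better and make the next addition a one-line change. The commit message could also say that 14 and 15 are documentation catch-up here, since the conf.c hunk shows MODP_2048 and MODP_3072 were already present and only 16 to 18 are new in the code.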