From a33f6c50aa625c37b886f828145d4593352b9e84 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@cvs.openbsd.org>
Date: Tue, 28 Apr 2020 15:18:53 +0000
Subject: Remove support for insecure EC2N groups.  Clarify which
 Diffie-Hellman groups are not recommended to use and are only supported for
 backwards compatibility.

Feedback from sthen@
ok kn@
---
 sbin/iked/ikev2.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'sbin/iked/ikev2.h')

diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h
index 1a0a987e978..09a28a4397b 100644
--- a/sbin/iked/ikev2.h
+++ b/sbin/iked/ikev2.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.h,v 1.31 2019/12/03 12:38:34 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.h,v 1.32 2020/04/28 15:18:52 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -230,8 +230,6 @@ extern struct iked_constmap ikev2_xformauth_map[];
 #define IKEV2_XFORMDH_NONE		0	/* No DH */
 #define IKEV2_XFORMDH_MODP_768		1	/* DH Group 1 */
 #define IKEV2_XFORMDH_MODP_1024		2	/* DH Group 2 */
-#define IKEV2_XFORMDH_EC2N_155		3	/* DH Group 3 */
-#define IKEV2_XFORMDH_EC2N_185		4	/* DH Group 3 */
 #define IKEV2_XFORMDH_MODP_1536		5	/* DH Group 5 */
 #define IKEV2_XFORMDH_MODP_2048		14	/* DH Group 14 */
 #define IKEV2_XFORMDH_MODP_3072		15	/* DH Group 15 */
-- 
cgit v1.2.3