VPNaaS: enable sha384/sha512 auth algorithms for *Swan drivers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Hunt Xu |
Bug Description
When adding sha384 and sha512 auth algorithms for vendor drivers(bug #1638152), the commit message said "Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't support" sha384 and sha512 as auth algorithms. However, after some research, all the *Swan drivers do support these two algorithms. So it is better to enable sha384/sha512 with *Swan drivers for security improvements.
- For StrongSwan, wiki pages back in Mid 2014: [1][2].
- For LibreSwan, wiki page back in May 2016: [3].
- For OpenSwan, it is not well documented. However, the code last changed in Jan 2014 shows its awareness of these two algorithms: [4]
[1]. https:/
[2]. https:/
[3]. https:/
[4]. https:/
description: | updated |
Changed in neutron: | |
status: | In Progress → New |
summary: |
- [RFE] VPNaaS: enable sha384/sha512 auth algorithms for *Swan drivers + VPNaaS: enable sha384/sha512 auth algorithms for *Swan drivers |
Changed in neutron: | |
importance: | Undecided → Medium |
Changed in neutron: | |
status: | New → In Progress |
Fix proposed to branch: master /review. openstack. org/541250
Review: https:/