Bug 1676590
| Summary: | system wide crypto policies requires libreswan backend file update to prevent IKE_INIT packet fragmentation | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Paul Wouters <pwouters> | ||||
| Component: | crypto-policies | Assignee: | Tomas Mraz <tmraz> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ondrej Moriš <omoris> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 8.0 | CC: | jaster, mthacker, nmavrogi, omoris, tmraz, wchadwic | ||||
| Target Milestone: | rc | ||||||
| Target Release: | 8.0 | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | crypto-policies-20181217-6.git9a35207.el8 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | 1664101 | Environment: | |||||
| Last Closed: | 2019-06-14 01:18:23 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1664101 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
Created attachment 1534149 [details] libreswan update to prevent IKE_INIT fragmentation This patch requires libreswan >= 3.27-8 It assumes we prefer chacha20_poly1305 over aes_gcm128 It assumes we prefer dh19 (ECP_256) over dh31 (curve 25519)