Bug 1676590

Summary: system wide crypto policies requires libreswan backend file update to prevent IKE_INIT packet fragmentation
Product: Red Hat Enterprise Linux 8
Reporter: Paul Wouters <pwouters>
Component: crypto-policies
Assignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE
QA Contact: Ondrej Moriš <omoris>
Severity: high
Priority: high
Version: 8.0
CC: jaster, mthacker, nmavrogi, omoris, tmraz, wchadwic
Target Milestone: rc
Target Release: 8.0
Hardware: All
OS: Linux
Fixed In Version: crypto-policies-20181217-6.git9a35207.el8
Clone Of: 1664101
Last Closed: 2019-06-14 01:18:23 UTC
Type: Bug
Bug Depends On: 1664101
Attachments:
libreswan update to prevent IKE_INIT fragmentation (flags: none)

Comment 2 Paul Wouters 2019-02-12 16:50:53 UTC
Created attachment 1534149
libreswan update to prevent IKE_INIT fragmentation

This patch requires libreswan >= 3.27-8

It assumes we prefer chacha20_poly1305 over aes_gcm128
It assumes we prefer dh19 (ECP_256) over dh31 (curve 25519)