| #
bbe6d264 |
| 04-Jan-2017 |
mikeb <mikeb@openbsd.org> |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
| #
58646aa1 |
| 28-Nov-2016 |
mikeb <mikeb@openbsd.org> |
ikelifetime time spec is the same the one for lifetime
|
| #
0e800071 |
| 09-Dec-2015 |
naddy <naddy@openbsd.org> |
Remove plain DES encryption from IPsec.
DES is insecure since brute force attacks are practical due to its
short key length.
This removes support for DES-CBC encryption in ESP and in IKE main
and q
Remove plain DES encryption from IPsec.
DES is insecure since brute force attacks are practical due to its
short key length.
This removes support for DES-CBC encryption in ESP and in IKE main
and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
ok mikeb@
show more ...
|
| #
b3954071 |
| 04-Nov-2015 |
mikeb <mikeb@openbsd.org> |
Support Chacha20-Poly1305 for Child SAs; ok reyk
|
| #
0aee06c6 |
| 01-Nov-2015 |
jmc <jmc@openbsd.org> |
replace "can not" with "cannot";
|
| #
34bdea39 |
| 31-Oct-2015 |
naddy <naddy@openbsd.org> |
pasto
|
| #
a559ffbe |
| 19-Oct-2015 |
naddy <naddy@openbsd.org> |
break long lines in examples; ok jmc@
|
| #
89c6794f |
| 14-Jul-2015 |
jmc <jmc@openbsd.org> |
clarification from trondd;
ok mikeb
|
| #
9dbd6965 |
| 28-Feb-2015 |
bentley <bentley@openbsd.org> |
Reduce usage of predefined strings in manpages.
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character ca
Reduce usage of predefined strings in manpages.
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.
No output changes, except for two instances where the incorrect escape
was used in the first place.
tweaks + ok schwarze@
show more ...
|
| #
71642210 |
| 15-Jan-2015 |
sobrado <sobrado@openbsd.org> |
tell the truth about DES.
joint work with djm@ and jsing@
ok djm@
|
| #
1244bb4c |
| 02-Jan-2015 |
sobrado <sobrado@openbsd.org> |
PFS stands for Perfect Forward Secrecy.
ok reyk@
|
| #
45135ebc |
| 27-Aug-2014 |
reyk <reyk@openbsd.org> |
Add support for Curve25519 using the public domain code that is found
in OpenSSH. The "private use" DH group 1034 is based on the value
that was picked by strongswan recently.
OK mikeb@ markus@
|
| #
547eb84d |
| 25-Aug-2014 |
reyk <reyk@openbsd.org> |
Add support for DH groups 27-30 using the Brainpool curves which have
previously been added to LibreSSL's libcrypto.
ok markus@ mikeb@
|
| #
87438271 |
| 05-Aug-2014 |
reyk <reyk@openbsd.org> |
Fix an example, nat-to requires to specify the "out" direction in pf rules.
From "Vigdis" via misc@
can go in deraadt@
|
| #
d121e894 |
| 06-May-2014 |
jmc <jmc@openbsd.org> |
zap stray word; ok markus
|
| #
6e1880a3 |
| 06-May-2014 |
markus <markus@openbsd.org> |
initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey
events while we are busy initiating child-SAs; ok mikeb@
|
| #
b9356981 |
| 28-Apr-2014 |
jmc <jmc@openbsd.org> |
macro fixes for previous; ok reyk
|
| #
58d6ccef |
| 28-Apr-2014 |
reyk <reyk@openbsd.org> |
bump copyright
|
| #
6f5ce6e4 |
| 28-Apr-2014 |
reyk <reyk@openbsd.org> |
Add missing documentation for ipcomp(4) support and the configuration
payloads.
ok sthen@ krw@
|
| #
6d3b905b |
| 17-Feb-2014 |
markus <markus@openbsd.org> |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'
ok mikeb@
|
| #
5e8568e2 |
| 01-Nov-2013 |
henning <henning@openbsd.org> |
altq -> new queue in examples
From: Arto Jonsson <ajonsson at kapsi.fi>
|
| #
d69fc7e0 |
| 16-Jul-2013 |
schwarze <schwarze@openbsd.org> |
Add missing .Mt macros for AUTHORS email addresses.
From Jan Stary <hans at stare dot cz>.
ok jmc@
|
| #
b9b9e6ba |
| 22-May-2013 |
sthen <sthen@openbsd.org> |
Move the gmac/null ciphers to a different table block, clearly labelled as
not doing encryption. ok reyk@
|
| #
353c6d0f |
| 05-Mar-2013 |
sobrado <sobrado@openbsd.org> |
cross referencing the manual page is better.
change suggested and ok'd by jmc@
|
| #
7fc4146a |
| 05-Mar-2013 |
sobrado <sobrado@openbsd.org> |
fix program name used in AUTHORS section.
ok mikeb@
|