webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,609 Commits 2 Branches 1 Tag
570d54fd84ead452753ac7fd498c7ee760caa3ff
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Tremer 570d54fd84 IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers 
IPsec is still proposing to use SHA1 and MODP-1536 or MODP-1024
when initiating a connection. These are considered weak although
many off-the-shelf hardware is still using this as defaults.

This patch disables those algorithms and additionally changes
default behaviour to only accept the configured cipher suites.

This might create some interoperability issues, but increases
security of IPFire-to-IPFire IPsec connections.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-04-05 11:42:55 +01:00
config
logwatch: Update to 7.4.3
2017-04-05 10:08:24 +01:00
doc
DNS: Show DNSSEC status on index page if deavtivated
2017-04-02 19:48:20 +01:00
html
IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers
2017-04-05 11:42:55 +01:00
langs
DNS: Show DNSSEC status on index page if deavtivated
2017-04-02 19:48:20 +01:00
lfs
logwatch: Update to 7.4.3
2017-04-05 10:08:24 +01:00
src
ipsecctrl: Reload IPsec block rules after connection is deleted
2017-04-05 10:33:49 +01:00
tools
buildsystem: Escape curly brackets
2016-06-01 22:17:10 +01:00
.gitignore
Buildsystem: generate image md5sums.
2011-01-01 11:40:19 +01:00
.mailmap
Add .mailmap.
2010-01-22 11:37:55 +01:00
make.sh
core110: finish update
2017-04-03 23:04:03 +02:00
Description
No description provided
101 MiB
Languages
Perl 70.4%
Shell 23%
C 4%
Python 0.6%
Makefile 0.5%
Other 1.4%