Buscar

Este contenido no está disponible en el idioma seleccionado.

1.102. Openswan

download PDF

1.102.1. RHEA-2010:0444: enhancement update

Updated openswan packages that implement Diffie-Hellman groups 22, 23 and 24 from RFC 5114 are now available.
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE) for Linux. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network, or VPN.
These packages contain the daemons and userland tools for setting up openswan. They support the NETKEY/XFRM IPsec stack in the default Linux kernel. The openswan 2.6.x-series also supports IKEv2 as described in RFC 4309.
This update adds the following enhancement:
* RFC 5114, Additional Diffie-Hellman Groups for Use with IETF Standards, adds eight Diffie-Hellman groups (three prime modulus groups and five elliptic curve groups) to the extant 21 groups set out in previous RFCs (eg RFCs 2409, 3526 and 4492) for use with IKE, TLS, SSH and so on.
This update implements groups 22, 23 and 24: a 1024-bit MODular exPonential (MODP) Group with 160-bit Prime Order Subgroup; a 2048-bit MODP Group with 224-bit Prime Order Subgroup; and a 2048-bit MODP Group with 256-bit Prime Order Subgroup respectively. ( BZ#591104)
Note: implementation of group 24 (a 2048-bit MODP Group with 256-bit Prime Order Subgroup) is required for US National Institute of Standards and Technology (NIST) IPv6 compliance and ongoing FIPS-140 certification.
All openswan users should install these updated packages, which add this enhancement.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.