[Pkg-swan-devel] [strongswan] 01/02: d/NEWS: add information about disabled algorithms

[Yves-Alexis Perez]

This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch master
in repository strongswan.

commit d97dc1c94c3005c1c2cf846a6a135d5cc2c921f6
Author: Yves-Alexis Perez <corsac at corsac.net>
Date:   Thu Nov 30 14:05:56 2017 +0100

    d/NEWS: add information about disabled algorithms
    
    closes: #883072
---
 debian/NEWS | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/debian/NEWS b/debian/NEWS
index e94bb62..548d4fd 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,25 @@
+strongswan (5.6.1-2) UNRELEASED; urgency=medium
+
+  Starting 5.6.1, several algorithms were removed from the default ESP/AH and
+  IKEv2 proposals in compliance with RFC 8221[1] and RFC 8247[2],
+  respectively.
+  .
+  Removed from the default ESP/AH proposal were the 3DES and Blowfish
+  encryption algorithms and the HMAC-MD5 integrity algorithm.
+  .
+  From the IKEv2 default proposal the HMAC-MD5 integrity algorithm and the
+  MODP-1024 Diffie-Hellman group were removed (the latter is significant for
+  Windows clients in their default configuration).
+  .
+  These algorithms may still be used in custom proposals and MODP-2048 can be
+  enabled manually on Windows 7 clients [3].
+  .
+  [1] https://tools.ietf.org/html/rfc8221
+  [2] https://tools.ietf.org/html/rfc8247
+  [3] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Thu, 30 Nov 2017 14:01:24 +0100
+
 strongswan (5.1.2-1) unstable; urgency=medium
 
   Starting 5.1.2, strongSwan natively support a configuration directory (in

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git