#75 HMAC-SHA2 incompatibilities with recent OpenBSD

open
nobody
None
5
2010-02-02
2010-02-02
Anonymous
No

OpenBSD recently made fixes to their HMAC-SHA2 implementation:

http://marc.info/?l=openbsd-cvs&m=126312766621593&w=2

After upgrading from OpenBSD 4.4 to a pre-4.7 snapshot (hence picking up their changes), tunnels using HMAC-SHA2 with remote endpoints running racoon stopped passing traffic. Switching to HMAC-SHA1 allowed these tunnels to pass traffic again.

I don't pretend to understand exactly what's involved with the Linux IPsec implementation and how it relates to racoon in this case, so please accept my apologies if racoon isn't the proper place to make corresponding updates.

Discussion

  • John Morrissey
    2010-02-02

    D'oh, I didn't realize I wasn't logged into SourceForge when I posted this.