On Tue, Jun 09, 2020 at 05:54:02PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebigg...@google.com> > > The crypto algorithms selected by the ESP and AH kconfig options are > out-of-date with the guidance of RFC 8221, which lists the legacy > algorithms MD5 and DES as "MUST NOT" be implemented, and some more > modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented. > But the options select the legacy algorithms, not the modern ones. > > Therefore, modify these options to select the MUST algorithms -- > and *only* the MUST algorithms. > > Also improve the help text. > > Suggested-by: Herbert Xu <herb...@gondor.apana.org.au> > Suggested-by: Steffen Klassert <steffen.klass...@secunet.com> > Cc: Corentin Labbe <cla...@baylibre.com> > Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org> > Signed-off-by: Eric Biggers <ebigg...@google.com> > --- > net/ipv4/Kconfig | 21 +++++++++++++++++++-- > net/ipv6/Kconfig | 21 +++++++++++++++++++-- > net/xfrm/Kconfig | 15 +++++++++------ > 3 files changed, 47 insertions(+), 10 deletions(-)
Acked-by: Herbert Xu <herb...@gondor.apana.org.au> -- Email: Herbert Xu <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
