Skip to content
Commit c9c0cf4c authored by Benedict Wong's avatar Benedict Wong
Browse files

Update MODP groups for IKEv2/IPsec VPNs 

This commit improves security by removing MODP groups that are
considered to be breakable in the near-future, and adding support for
ones that are more highly recommended.

3072 and 4096 are added based on the IANA constants, and are already
supported in the IKEv2 library.

This commit is made in line with recommendations in RFC 8247:
https://tools.ietf.org/html/rfc8247#section-2.4

Bug: 154056830
Test: FrameworksNetTests, FrameworksIkeTests passing, manually tested.
Change-Id: I941dbbfc2d6be693869ba6213590a07f3eac4bc7
parent c042e448
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment