Skip to content
Commit cf7744dc authored by Benedict Wong's avatar Benedict Wong
Browse files

Update MODP groups for IKEv2/IPsec VPNs 

This commit improves security by removing MODP groups that are
considered to be breakable in the near-future, and adding support for
ones that are more highly recommended.

3072 and 4096 are added based on the IANA constants, and are already
supported in the IKEv2 library.

This commit is made in line with recommendations in RFC 8247:
https://tools.ietf.org/html/rfc8247#section-2.4

Bug: 154056830
Test: FrameworksNetTests, FrameworksIkeTests passing, manually tested.
Change-Id: I941dbbfc2d6be693869ba6213590a07f3eac4bc7
Merged-In: I941dbbfc2d6be693869ba6213590a07f3eac4bc7
(cherry picked from commit f33cf5bd76a0e6a4a105bd606a94b24dfbbc86ef)
parent 4fab2954
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment