
[HOWTO] Openswan/IPsec on SME Server


ReetP:

--- Quote from: guest22 on January 26, 2017, 01:53:38 PM ---Why would we want to build our own package whilst epel repo has it?

--- End quote ---

Because it is old :-)

If we don't use the version from EPEL and use our own, then we really should try and use the latest IMHO.

https://download.libreswan.org/CHANGES

Hence I am testing 3.19 at the minute, and would suggest that we update our repo to at least 3.18

3.15 has a bug with certificates so the minimum level should really be 3.16


--- Quote ---https://libreswan.org/wiki/FAQ#Libreswan_is_vulnerable_to_NSS_CVE-2014-1568_RSA_Signature_Forgery

Libreswan is vulnerable to NSS CVE-2014-1568 RSA Signature Forgery
Please upgrade NSS to one of 3.17.1, 3.16.1 or 3.16.5.

This only affects libreswan when using X.509 certificates. Raw RSA keys using leftrsasigkey/rightrsasigkey are not affected. Connections using auth=secret (PSK) are also not affected.

See Mozilla Foundation Security Advisory 2014-73

--- End quote ---

So if you want to use certificates as per the latest version of my contrib....

B. Rgds
JC
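
Added example (not part of the original post or the contrib's code): a small check that sorts the connections in an ipsec.conf by authentication type, so you can see which ones fall under the X.509-only exposure described in the quoted FAQ. The sample config and conn names are constructed; `leftcert`/`rightcert` and `authby=secret` are assumed here as the ipsec.conf spellings of the certificate and PSK settings the FAQ refers to.

```python
# Constructed sample ipsec.conf; conn names and key material are made up.
SAMPLE_CONF = """\
conn office-cert
    leftcert=sme-gateway
conn branch-rawrsa
    leftrsasigkey=0sAQOexample
conn partner-psk
    authby=secret
conn roadwarrior
    also=office-cert
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():  # a section header starts in column 0
            words = stripped.split()
            current = conns.setdefault(words[1], {}) if words[0] == "conn" and len(words) == 2 else None
        elif current is not None and "=" in stripped:
            key, value = stripped.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):
    """Settings for a conn, including those inherited through also=."""
    own = conns.get(name, {})
    parent = own.get("also")
    base = effective(conns, parent, seen + (name,)) if parent and parent not in seen else {}
    return {**base, **own}

def classify(conns):
    """Map each conn to 'x509', 'rawrsa', 'psk' or 'unknown'."""
    result = {}
    for name in conns:
        opts = effective(conns, name)
        sigkeys = (opts.get("leftrsasigkey"), opts.get("rightrsasigkey"))
        if opts.get("authby") == "secret":
            result[name] = "psk"      # not affected per the quoted FAQ
        elif "leftcert" in opts or "rightcert" in opts or "%cert" in sigkeys:
            result[name] = "x509"     # certificate auth: needs the fixed NSS
        elif any(sigkeys):
            result[name] = "rawrsa"   # not affected per the quoted FAQ
        else:
            result[name] = "unknown"
    return result
```

Connections reported as `x509` are the ones to recheck against the installed NSS version; note that a conn can pick up certificate auth indirectly through `also=`, as `roadwarrior` does in the sample.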
