On Tue, Jun 09, 2020 at 05:54:02PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > The crypto algorithms selected by the ESP and AH kconfig options are > out-of-date with the guidance of RFC 8221, which lists the legacy > algorithms MD5 and DES as "MUST NOT" be implemented, and some more > modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented. > But the options select the legacy algorithms, not the modern ones. > > Therefore, modify these options to select the MUST algorithms -- > and *only* the MUST algorithms. > > Also improve the help text. > > Suggested-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Suggested-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > Cc: Corentin Labbe <clabbe@xxxxxxxxxxxx> > Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > net/ipv4/Kconfig | 21 +++++++++++++++++++-- > net/ipv6/Kconfig | 21 +++++++++++++++++++-- > net/xfrm/Kconfig | 15 +++++++++------ > 3 files changed, 47 insertions(+), 10 deletions(-) Acked-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt