Implementing RFC 8247
RFC 8247 mandates that support for certain algorithms be removed from, and for certain others be added to, IKEv2:
Removed: e.g. prf-md5, hmac-md5, null encryption, modp1024s160, modp768
Added: e.g. RSASSA-PSS
Somebody will inevitably ask for it.
proposal: Remove MD5 from default IKE proposal
RFC 8247 demoted MD5 to MUST NOT.
proposal: Remove MODP-1024 from default IKE proposal
RFC 8247 demoted it to SHOULD NOT. This might break connections with
Windows clients unless they are configured to use a stronger group or
matching weak proposals are configured explicitly on the server.
ikev2: Don't use SHA-1 for RFC 7427 signature authentication
RFC 8247 demoted it to MUST NOT.
Merge branch 'rsassa-pss'
This adds support for RSASSA-PSS signatures in IKEv2 digital signature
authentication (RFC 7427), certificates and CRLs etc., and when signing
credentials via pki tool. For interoperability with older versions, the
default is to use classic PKCS#1 signatures. To use PSS padding either enable
rsa_pss via strongswan.conf or explicitly use it either via ike:rsa/pss...
auth token or the --rsa-padding option of the pki tool.
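The following is an added example, not code from strongSwan or from the change set above. It takes a strongSwan-style IKE proposal string (dash-separated algorithms, comma-separated proposals, optional trailing `!`) and an `ike:` auth token such as the `ike:rsa/pss...` form mentioned above, and reports the algorithms that the entries above say RFC 8247 demoted: md5 (MUST NOT), modp1024 (SHOULD NOT), the removed modp768, modp1024s160 and null encryption, and SHA-1 for RFC 7427 signature authentication. It also answers the operational question raised for Windows clients: whether a configured proposal list would survive the removal of MODP-1024 from the default at all. The table contains only the algorithms named on this page; the assumption that the auth token is a string of `:`, `/` and `-` separated keywords is mine, and `check_auth` is syntax-agnostic for that reason.

```python
"""Flag IKEv2 algorithms demoted by RFC 8247 in strongSwan-style configuration.

Constructed example; the status table lists only the algorithms discussed in the
RFC 8247 change set it accompanies, not the full RFC 8247 tables.
"""
from __future__ import annotations
import re

# Proposal keywords and their RFC 8247 status for IKEv2. The first two are the
# statuses quoted in the commit messages; the remaining three are algorithms the
# change set removed support for entirely.
DEMOTED = {
    "md5": "MUST NOT",            # prf-md5 / hmac-md5
    "prfmd5": "MUST NOT",
    "modp1024": "SHOULD NOT",     # may break Windows clients using the default group
    "modp768": "MUST NOT",        # support removed
    "modp1024s160": "SHOULD NOT", # support removed
    "null": "MUST NOT",           # null encryption, support removed
}

# Hash algorithms RFC 8247 forbids for RFC 7427 digital signature authentication.
SIG_HASH_DEMOTED = {"sha1": "MUST NOT"}


def parse_proposals(spec: str) -> list[list[str]]:
    """Split 'aes256-sha256-modp2048,aes128-sha1-modp1024!' into token lists.

    A trailing '!' (strict mode marker) is ignored; empty entries are dropped.
    """
    proposals = []
    for prop in spec.strip().rstrip("!").split(","):
        tokens = [t.strip().lower() for t in prop.split("-") if t.strip()]
        if tokens:
            proposals.append(tokens)
    return proposals


def check_proposals(spec: str) -> list[tuple[int, str, str]]:
    """Return (proposal index, keyword, RFC 8247 status) for each demoted keyword."""
    findings = []
    for index, tokens in enumerate(parse_proposals(spec)):
        for tok in tokens:
            if tok in DEMOTED:
                findings.append((index, tok, DEMOTED[tok]))
    return findings


def only_weak_groups(spec: str) -> bool:
    """True when every proposal carries a demoted DH group, i.e. nothing would be
    left to negotiate once those groups are dropped from the default proposal."""
    proposals = parse_proposals(spec)
    return bool(proposals) and all(
        any(tok in DEMOTED and tok.startswith("modp") for tok in tokens)
        for tokens in proposals
    )


def check_auth(auth: str) -> dict:
    """Inspect an 'ike:...' signature auth token (assumed keyword syntax).

    Reports whether RSA-PSS padding is requested and which hashes RFC 8247
    forbids for RFC 7427 signatures. Tokens without the 'ike:' prefix are not
    signature authentication and yield no findings.
    """
    value = auth.strip().lower()
    if not value.startswith("ike:"):
        return {"pss": False, "bad_hashes": []}
    tokens = [t for t in re.split(r"[:/\-]", value[len("ike:"):]) if t]
    return {
        "pss": "pss" in tokens,
        "bad_hashes": [t for t in tokens if t in SIG_HASH_DEMOTED],
    }


if __name__ == "__main__":
    # Constructed sample: a legacy proposal list kept for a Windows client.
    legacy = "aes128-sha1-modp1024,3des-md5-modp768!"
    for index, tok, status in check_proposals(legacy):
        print(f"proposal {index}: {tok} is {status} under RFC 8247")
    print("breaks without explicit weak proposals:", only_weak_groups(legacy))
    print(check_auth("ike:rsa/pss-sha256"), check_auth("ike:sha1-sha256"))
```

Run against the proposal list actually configured on a gateway, a non-empty result from `check_proposals` is exactly the set of algorithms a peer will lose once the defaults above change, and `only_weak_groups` being true is the case the MODP-1024 commit warns about: the connection can only be kept alive by configuring the matching weak proposal explicitly on the server.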