HP-UX IPSec A.03.00 Release Notes
Table of Contents
Overview ..... 7
HP-UX IPSec ..... 7
New and Changed Features ..... 7
IKE Policy Changes ..... 8
Support for IKE Version 2 ..... 8
IKEv1 and IKEv2 Policies Replace IKE Policies ..... 8
default IKEv1 and IKEv2 Policies ..... 8
The ipsec_config add ike Command is Deprecated ..... 8
IKE DES Encryption Is Obsolete ..... 9
IKEv1 Perfect Forward Secrecy with Keys Only ..... 9
IKE Support for Multiple Hash, Encryption, and Group Values ..... 9
IKE Support for Diffie-Hellman Groups 5 and 14 ..... 9
IKE Support for AES128-CBC Encryption ..... 9
Authentication Record Changes ..... 9
Authentication Records are Mandatory ..... 9
Authentication Records Include a Priority Value ..... 10
Authentication Records Specify the IKE (Key Management Protocol) Version ..... 10
Authentication Records Support the AUTOCONF Flag ..... 10
Authentication Records Support Subtrees and Address Ranges for Remote ID Matching ..... 10
Hexadecimal Storage for Preshared Key Values Starting with 0x ..... 10
Host and Tunnel Policy Changes ..... 10
Nested Transforms and DES Transforms Are Obsolete ..... 10
Support for Fallback to Clear in Host Policies ..... 10
Support for Multiple Source and Destination Arguments in Host and Tunnel Policies ..... 11
Support for IP Address and Port Number Ranges in Host Policies ..... 11
Support for IP Address Ranges in Tunnel Policies ..... 11
Port Numbers and Services are Ignored in Tunnel Policies ..... 11
Support for ICMPv4 and ICMPv6 Type Codes in Host Policies ..... 11
Support for IPv6 Mobility Header Type Codes in Host Policies ..... 11
Certificate Changes ..... 11
The ipsec_config add cert Command is Deprecated ..... 11
Support for 4096 Bit Key Pairs for Certificates ..... 12
Support for PKCS#12 Certificates ..... 12
Certificate Retrieval from LDAP Directories ..... 12
Support for Multiple Level Public Key Infrastructures ..... 12
Certificate Revocation List cron File Change ..... 12
Support for RFC 4301 Security Processing for ICMP Errors ..... 12
Profile File Changes ..... 12
Mobile IPv6 Support Is Obsolete ..... 13
Gateway Policies Are Obsolete ..... 13
Known Problems Fixed in This Version ..... 13
Known Problems and Limitations ..... 13
Compatibility and Installation Requirements ..... 15
Operating System and Version Compatibility ..... 15
Software Requirements ..... 15
Disk Requirements ..... 15
Hardware Requirements ..... 15
Public Key Infrastructure Requirements ..... 15
Multiple Level CA Requirements ..... 16
Migrating to HP-UX IPSec A.03.00 ..... 17
Post-Installation Migration Instructions ..... 17