HP-UX IPSec A.03.00.01 Release Notes (HP-UX 11i Version 3)

Contents
1 HP-UX IPSec overview
2 New and changed features
New and changed features in A.03.00.01
New and changed features in A.03.00.00
IKE policy changes
Support for IKE version 2
IKEv1 and IKEv2 policies replace IKE policies
Default IKEv1 and IKEv2 policies
The ipsec_config add ike command is deprecated
IKE DES encryption is obsolete
IKEv1 Perfect Forward Secrecy supported with keys only
IKE support for multiple hash, encryption, and group values
IKE support for Diffie-Hellman groups 5 and 14
IKE support for AES128-CBC encryption
Authentication record changes
Authentication records are mandatory
Authentication records include a priority value
Authentication records specify the IKE (key management protocol) version
Authentication records support the AUTOCONF flag
Authentication records support subtrees and address ranges for remote ID matching
Hexadecimal storage for preshared key values starting with 0x
Host and tunnel policy changes
Nested transforms and DES transforms are obsolete
Support for fallback to clear in host policies
Support for multiple source and destination arguments in host and tunnel policies
Support for IP Address and port number ranges in host policies
Support for IP Address ranges in tunnel policies
Port numbers and services are ignored in tunnel policies
Support for ICMPv4 and ICMPv6 type codes in host policies
Support for IPv6 mobility header type codes in host policies
Certificate changes
The ipsec_config add cert command is deprecated
Support for 4096 bit key pairs for certificates
Support for PKCS#12 certificates
Certificate retrieval from LDAP directories
Support for multiple level Public Key Infrastructures
Certificate revocation list cron file change
Support for RFC 4301 security processing for ICMP errors
Profile file changes
Mobile IPv6 support is obsolete
Gateway policies are obsolete
3 Known problems that have been fixed
Known problems fixed in IPSec A.03.00.01
Known problems fixed in IPSec A.03.00.00