HP-UX IPSec A.03.01.01 Release Notes (HP-UX 11i Version 3)
Contents
1 HP-UX IPSec overview
2 New and changed features
New and changed features in A.03.01.01
New and changed features in A.03.00.01
New and changed features in A.03.00.00
IKE policy changes
Support for IKE version 2
IKEv1 and IKEv2 policies replace IKE policies
Default IKEv1 and IKEv2 policies
The ipsec_config add ike command is deprecated
IKE DES encryption is obsolete
IKEv1 Perfect Forward Secrecy supported with keys only
IKE support for multiple hash, encryption, and group values
IKE support for Diffie-Hellman groups 5 and 14
IKE support for AES128-CBC encryption
Authentication record changes
Authentication records are mandatory
Authentication records include a priority value
Authentication records specify the IKE (key management protocol) version
Authentication records support the AUTOCONF flag
Authentication records support subtrees and address ranges for remote ID matching
Hexadecimal storage for preshared key values starting with 0x
Host and tunnel policy changes
Nested transforms and DES transforms are obsolete
Support for fallback to clear in host policies
Support for multiple source and destination arguments in host and tunnel policies
Support for IP Address and port number ranges in host policies
Support for IP Address ranges in tunnel policies
Port numbers and services are ignored in tunnel policies
Support for ICMPv4 and ICMPv6 type codes in host policies
Support for IPv6 mobility header type codes in host policies
Certificate changes
The ipsec_config add cert command is deprecated
Support for 4096 bit key pairs for certificates
Support for PKCS#12 certificates
Certificate retrieval from LDAP directories
Support for multiple level Public Key Infrastructures
Certificate revocation list cron file change
Support for RFC 4301 security processing for ICMP errors
Profile file changes
Mobile IPv6 support is obsolete
Gateway policies are obsolete
3 Known problems that have been fixed
Known problems fixed in IPSec A.03.00.01
Known problems fixed in IPSec A.03.00.00
4 Known problems and limitations
5 Compatibility and installation requirements
Operating system and version compatibility
Software requirements