HP-UX IPSec A.03.01.01 Release Notes (HP-UX 11i Version 3)

2 New and changed features
New and changed features in A.03.01.01
The A.03.01.01 release of HP-UX IPSec introduces the following changes:
Revised requirement for OpenSSL software
HP-UX IPSec now requires OpenSSL version A.00.09.08q or later. For more information, see
“Software requirements” (page 17).
IKE support for D-H group 24
HP-UX IPSec now supports the Diffie-Hellman (D-H) group having Transform ID 24 for IKE. The
group is used with the IKE protocol to provide security for Internet communications. The IKE
protocol was defined by the Internet Engineering Task Force (IETF) and is used for setting up
a security association (SA) in the IPsec protocol suite. D-H group 24 is described in RFC
5114. For more information, see RFC 5114 at the following IETF web page:
http://tools.ietf.org/html/rfc5114
New option for configuration of D-H group 24
The HP-UX IPSec ipsec_config command has been enhanced to allow you to configure
D-H group 24. Specify group 24 with the ipsec_config add ikev1 or ipsec_config
add ikev2 command. HP-UX IPSec also supports configuration of groups 2, 5, and 14.
The following command example configures D-H group 24 for an IKEv1 policy:
%ipsec_config add ikev1 policy_name -remote 192.6.1.1/32 \
-group 24 -hash MD5 -encryption 3DES -pfs OFF
The following command changes the default IKEv1 policy to include D-H group 24:
%ipsec_config add ikev1 default -group 24 \
-hash MD5 -encryption 3DES -pfs OFF
The following command configures D-H group 24 for an IKEv2 policy:
%ipsec_config add ikev2 policy_name -remote 192.6.1.1/32 \
-group 24 -hash MD5 -encryption 3DES -pfs OFF
The following command changes the default IKEv2 policy to include D-H group 24:
%ipsec_config add ikev2 default -group 24 \
-hash MD5 -encryption 3DES -pfs OFF
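Added example, not part of the HP release notes: a shell function that reads ipsec_config command lines in the form shown above and reports the D-H group each IKEv1 or IKEv2 policy sets, flagging any value outside the list these notes give (2, 5, 14, 24). The policy names and addresses in the sample input are constructed.

```shell
#!/bin/sh
# Added example (not HP code): audit the D-H group in ipsec_config
# "add ikev1" / "add ikev2" command lines read from standard input.
# The allowed list (2, 5, 14, 24) is the one given in these release notes.

audit_dh_groups() {
    awk '
    {
        line = pending $0
        # A trailing backslash continues the command on the next line.
        if (sub(/\\$/, " ", line)) { pending = line; next }
        pending = ""
        n = split(line, f)
        for (i = 1; i + 2 <= n; i++)
            if (f[i] == "add" && f[i + 1] ~ /^ikev[12]$/) break
        if (i + 2 > n) next                 # not an IKE policy command
        grp = "-"; status = "unset"         # no -group option on this line
        for (j = i + 3; j < n; j++)
            if (f[j] == "-group") grp = f[j + 1]
        if (grp != "-") {
            status = (grp ~ /^(2|5|14|24)$/) ? "ok" : "not-listed"
            if (status != "ok") bad++
        }
        # Output columns: policy name, IKE version, group, status
        print f[i + 2], f[i + 1], grp, status
    }
    END { exit (bad > 0) }'
}

# Constructed sample input (policy names and addresses are made up).
sample_policies() {
    cat <<'EOF'
ipsec_config add ikev1 branch_a -remote 192.0.2.10/32 \
    -group 24 -pfs OFF
ipsec_config add ikev2 branch_b -remote 192.0.2.20/32 -group 14
ipsec_config add ikev1 legacy -remote 192.0.2.30/32 -group 1
ipsec_config add ikev2 default -pfs OFF
EOF
}

sample_policies | audit_dh_groups ||
    echo "at least one policy sets a group outside the release-notes list" >&2
```

The function exits non-zero when any policy sets a group outside the list; a policy with no -group option is reported as unset and does not change the exit status.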
New and changed features in A.03.00.01
With the A.03.00.01 release of HP-UX IPSec, the ipsec_config add csr command now
supports specifying multiple values (up to 20) for the following types of alternative names for the
subjectAlternativeName field of a certificate:
-alt-ipv4
-alt-fqdn
-alt-user_fqdn
Without this enhancement, if IPSec is being used with the Secure Resource Partitions (SRP) product,
then each SRP would have to use the same ID when authenticating. For more information about
SRP, see the HP-UX Security Manuals web page at the following location:
http://www.hp.com/go/hpux-security-docs (select HP-UX Secure Resource Partitions (SRP) Software)