Page 1 of 1

IPsec: Does cOS Core support Pseudo-Random Functions (PRFs) according to RFC-4868?

Posted: 02 Dec 2019, 11:31
by Peter
This FAQ applies to:
  • cOS Core version 10.21 and above

I have a system that uses Pseudo-Random Functions (PRFs) by default on all our IPsec tunnels and we cannot change this option to avoid it affecting all configured IPsece tunnels. Do Clavister support PRF in some way?

Yes, with the introduction of SHA-256 and SHA-512 in version 10.21 we also support PRF. Please note that only these two integrity algorithms support PRF.

Update: Support for SHA-384 was added in version 13.00.01. Now there are three integrity algorithms available that support PRF.