IPsec: Does cOS Core support Pseudo-Random Functions (PRFs) according to RFC-4868?

Frequently Asked Questions
Post Reply
Peter
Posts: 671
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

IPsec: Does cOS Core support Pseudo-Random Functions (PRFs) according to RFC-4868?

Post by Peter » 02 Dec 2019, 11:31

This FAQ applies to:
  • cOS Core version 10.21 and above

Question:
I have a system that uses Pseudo-Random Functions (PRFs) by default on all our IPsec tunnels and we cannot change this option to avoid it affecting all configured IPsece tunnels. Do Clavister support PRF in some way?

Answer:
Yes, with the introduction of SHA-256 and SHA-512 in version 10.21 we also support PRF. Please note that only these two integrity algorithms support PRF.

Note: Support for SHA-384 will be added in version 13.00.01. Then there will be three integrity algorithms available that support PRF.

Post Reply