HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)
◦ “IKEv1 Perfect Forward Secrecy supported with keys only” (page 12)
◦ “IKE support for multiple hash, encryption, and group values” (page 12)
◦ “IKE support for Diffie-Hellman groups 5 and 14” (page 12)
◦ “IKE support for AES128-CBC encryption” (page 12)
• “Authentication record changes” (page 12)
“Authentication records are mandatory” (page 12)◦
◦ “Authentication records specify the IKE (key management protocol) version” (page 12)
◦ “Authentication records include a priority alue” (page 12)
◦ “Authentication records support the AUTOCONF flag” (page 13)
◦ “Authentication records support subtrees and address ranges for remote ID matching”
(page 13)
◦ “Hexadecimal storage for preshared key values starting with 0x” (page 13)
• “Host and tunnel policy changes” (page 13)
“Nested transforms and DES transforms are obsolete” (page 13)◦
◦ “Support for fallback to clear in host policies” (page 13)
◦ “Support for multiple source and destination arguments in host and tunnel policies”
(page 13)
◦ “Support for IP Address ranges in tunnel policies” (page 14)
◦ “Support for IP Address and port number ranges in host policies” (page 13)
◦ “Port numbers and services are ignored in tunnel policies” (page 14)
◦ “Support for ICMPv4 and ICMPv6 type codes in host policies” (page 14)
◦ “Support for IPv6 mobility header type codes in host policies” (page 14)
• “Certificate changes” (page 14)
“The ipsec_config add cert command is deprecated” (page 14)◦
◦ “Support for 4096 bit key pairs for certificates” (page 14)
◦ “Support for PKCS#12 certificates” (page 14)
◦ “Certificate retrieval from LDAP directories” (page 14)
◦ “Support for multiple level Public Key Infrastructures” (page 15)
◦ “Certificate revocation list cron file change” (page 15)
• “Support for RFC 4301 security processing for ICMP errors” (page 15)
• “Profile file changes” (page 15)
• “Mobile IPv6 support is obsolete” (page 15)
• “Gateway policies are obsolete” (page 15)
10 New and changed features