HP-UX IPSec A.03.02.02 Release Notes HP-UX 11i version 3 (766158-001, April 2014)

Contents
HP secure development lifecycle
1 HP-UX IPSec overview
2 New and changed features
    New and changed features in A.03.02.02
    New and changed features in A.03.01.01
    New and changed features in A.03.00.01
    New and changed features in A.03.00.00
        IKE policy changes
            Support for IKE version 2
            IKEv1 and IKEv2 policies replace IKE policies
            Default IKEv1 and IKEv2 policies
            The ipsec_config add ike command is deprecated
            IKE DES encryption is obsolete
            IKEv1 Perfect Forward Secrecy supported with keys only
            IKE support for multiple hash, encryption, and group values
            IKE support for Diffie-Hellman groups 5 and 14
            IKE support for AES128-CBC encryption
        Authentication record changes
            Authentication records are mandatory
            Authentication records include a priority value
            Authentication records specify the IKE (key management protocol) version
            Authentication records support the AUTOCONF flag
            Authentication records support subtrees and address ranges for remote ID matching
            Hexadecimal storage for preshared key values starting with 0x
        Host and tunnel policy changes
            Nested transforms and DES transforms are obsolete
            Support for fallback to clear in host policies
            Support for multiple source and destination arguments in host and tunnel policies
            Support for IP Address and port number ranges in host policies
            Support for IP Address ranges in tunnel policies
            Port numbers and services are ignored in tunnel policies
            Support for ICMPv4 and ICMPv6 type codes in host policies
            Support for IPv6 mobility header type codes in host policies
        Certificate changes
            The ipsec_config add cert command is deprecated
            Support for 4096 bit key pairs for certificates
            Support for PKCS#12 certificates
            Certificate retrieval from LDAP directories
            Support for multiple level Public Key Infrastructures
            Certificate revocation list cron file change
        Support for RFC 4301 security processing for ICMP errors
        Profile file changes
        Mobile IPv6 support is obsolete
        Gateway policies are obsolete
3 Known problems fixed in the release
    Known problems fixed in IPSec A.03.02.02
    Known problems fixed in IPSec A.03.00.01
    Known problems fixed in IPSec A.03.00.00