Current Release Notes

28.0.0-5

Upgrade Notes

  • Removed compatibility code for libreswan versions prior to v3.10 (released in 2014). The initnss fallback when checknss is not available has been removed. All supported libreswan versions include the checknss command.

  • The deprecated and insecure cryptographic algorithms sha1, md5, des, and 3des have been removed from neutron-vpnaas. These algorithms are considered cryptographically weak and are no longer accepted for IKE policies or IPsec policies. Existing configurations using these algorithms must be updated to use stronger alternatives such as sha256, sha384, or sha512 for authentication and aes-128, aes-192, or aes-256 for encryption.
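An added example, not part of neutron-vpnaas: a pre-upgrade audit that flags IKE and IPsec policies still using the removed algorithms and lists the alternatives named above. The policy dicts, their id and name keys, and the function names are constructed for illustration; only the auth_algorithm and encryption_algorithm field names come from these notes.

```python
# Added example: find VPN policies that still reference algorithms
# removed in this release, before upgrading.

# Algorithms removed per the release note, keyed by policy field.
REMOVED = {
    "auth_algorithm": {"sha1", "md5"},
    "encryption_algorithm": {"des", "3des"},
}
# Alternatives named in the release note.
ALTERNATIVES = {
    "auth_algorithm": ("sha256", "sha384", "sha512"),
    "encryption_algorithm": ("aes-128", "aes-192", "aes-256"),
}

def audit_policies(kind, policies):
    """Return one finding per (policy, field) that uses a removed algorithm."""
    findings = []
    for policy in policies:
        for field, removed in REMOVED.items():
            # Normalize case and whitespace so "SHA1 " is still caught.
            value = str(policy.get(field, "")).strip().lower()
            if value in removed:
                findings.append({
                    "kind": kind,
                    "id": policy.get("id"),
                    "field": field,
                    "value": value,
                    "alternatives": ALTERNATIVES[field],
                })
    return findings

# Constructed sample data (hypothetical policies, not real API output).
SAMPLE_IKE = [
    {"id": "ike-1", "name": "legacy-ike", "auth_algorithm": "sha1", "encryption_algorithm": "3des"},
    {"id": "ike-2", "name": "modern-ike", "auth_algorithm": "sha256", "encryption_algorithm": "aes-256"},
]
SAMPLE_IPSEC = [
    {"id": "ipsec-1", "name": "mixed", "auth_algorithm": "SHA512", "encryption_algorithm": "des"},
    {"id": "ipsec-2", "auth_algorithm": "md5", "encryption_algorithm": "aes-128"},
]

def audit_all():
    """Audit both policy kinds from the constructed sample."""
    return audit_policies("ike", SAMPLE_IKE) + audit_policies("ipsec", SAMPLE_IPSEC)

if __name__ == "__main__":
    for f in audit_all():
        print(f"{f['kind']} policy {f['id']}: {f['field']}={f['value']} "
              f"is removed; use one of {', '.join(f['alternatives'])}")
```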

Security Issues

  • Removed support for weak cryptographic algorithms sha1, md5, des, and 3des in VPN IPsec policies. Users should migrate to stronger algorithms (sha256 or above for authentication, aes-128 or above for encryption).

Bug Fixes

  • Added compatibility with libreswan v5.3+, where the _stackmanager command has been removed. The driver now falls back to the start command when _stackmanager is not available. See Launchpad bug 2146535.

Other Notes

  • The database migration that removes support for the deprecated algorithms from the current enums is still pending: ikepolicies.auth_algorithm, ipsecpolicies.encryption_algorithm, ipsecpolicies.auth_algorithm and ikepolicies.auth_algorithm.