6f7a619b06
- Add note in options.pptp about MPPE not being available in FIPS mode (#845112) - Add note in options.pptp about PPTP with MSCHAP-V2 being insecure
36 lines
1.4 KiB
Diff
36 lines
1.4 KiB
Diff
Index: options.pptp
|
|
===================================================================
|
|
RCS file: /cvsroot/pptpclient/pptp-linux/options.pptp,v
|
|
retrieving revision 1.3
|
|
diff -u -r1.3 options.pptp
|
|
--- options.pptp 26 Mar 2006 23:11:05 -0000 1.3
|
|
+++ options.pptp 30 Aug 2012 12:38:36 -0000
|
|
@@ -33,17 +33,25 @@
|
|
|
|
# Encryption
|
|
# (There have been multiple versions of PPP with encryption support,
|
|
-# choose with of the following sections you will use. Note that MPPE
|
|
+# choose which of the following sections you will use. Note that MPPE
|
|
# requires the use of MSCHAP-V2 during authentication)
|
|
+#
|
|
+# Note that using PPTP with MPPE and MSCHAP-V2 should be considered
|
|
+# insecure:
|
|
+# http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2
|
|
+# https://github.com/moxie0/chapcrack/blob/master/README.md
|
|
+# http://technet.microsoft.com/en-us/security/advisory/2743314
|
|
|
|
# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
|
|
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
|
|
+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
|
|
+# is not allowed and PPTP-MPPE is not available.
|
|
# {{{
|
|
# Require MPPE 128-bit encryption
|
|
#require-mppe-128
|
|
# }}}
|
|
|
|
-# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
|
|
+# http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec
|
|
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
|
|
# {{{
|
|
# Require MPPE 128-bit encryption
|