IPsec: Does cOS Core support Pseudo-Random Functions (PRFs) according to RFC-4868?

Last modified on 14 Dec, 2022. Revision 6
Explanation about PRFs support in cOS Core
Up to date for
cOS Core 14.00.7
Supported since
cOS Core 10.21.xx
Status OK
Author
Peter Nilsson

Question

We have a system that uses Pseudo-Random Functions (PRFs) by default on all our IPsec tunnels and we cannot change this option to avoid it affecting all configured IPsec tunnels. Do Clavister support PRF in some way?

Answer

Yes, with the introduction of SHA-256 and SHA-512 in version 10.21 we also support PRF. Please note that only these two integrity algorithms support PRF.

Support for SHA-384 was added in version 13.00.01 and up. Now there are three integrity algorithms available that support PRF.



Related articles

Configuring L2TP/IPsec Server using PSK
11 Jan, 2023 ipsec core vpn
Setup of a Layer-3 bridge over IPsec in cOS Core
12 Apr, 2023 core proxyarp arp ipsec routing
Configuring public certificates in NetWall firewalls
23 Aug, 2022 core certificate oneconnect ipsec vpn
cOS Core L2TP server setup with Windows Server CA certificates
21 Feb, 2023 ipsec certificate windows ca core
Problem with auto-created Core routes
22 Mar, 2021 core ipsec routing
Setting up OSPF with IPsec in cOS Core
21 Dec, 2023 core routing ospf ipsec
cOS Core IPsec IKEv1 "No_Proposal_Chosen" error in 14.00.10
4 Aug, 2023 core ipsec troubleshoot ike
IPsec license usage calculation
14 Apr, 2021 core license ipsec
Does IPsecBeforeRules trigger before Access rules?
8 Sep, 2020 core ipsec rules access
Split tunneling in cOS Core with Windows L2TP/IPsec clients
29 Mar, 2023 ipsec core windows vpn l2tp
Troubleshooting IPsec tunnels (IKEv1)
7 Dec, 2022 ipsec ike troubleshoot core
cOS Core IKEv2 tunnel setup with certificates for iOS clients
5 Apr, 2023 core nps ipsec radius legacy
Freeing up more memory in the Firewall
23 Aug, 2022 core connections ipsec memory
Route failover with IPsec tunnels in cOS Core
13 Feb, 2023 ipsec core routing failover