macos – IPSEC VPN algorithm modifications in Sonoma/Apple Silicon?


I recently got a new M3 MBP to replace my old Intel model, which also necessitated an upgrade to Sonoma from Ventura. My VPN configuration is via a mobile configuration profile that has worked fine for a while. It specifies the following P1 settings:

<key>IKESecurityAssociationParameters</key>
<dict>
    <key>DiffieHellmanGroup</key>
    <integer>20</integer>
    <key>EncryptionAlgorithm</key>
    <string>AES-256-GCM</string>
    <key>IntegrityAlgorithm</key>
    <string>SHA2-384</string>
    <key>LifeTimeInMinutes</key>
    <integer>480</integer>
</dict>

But when I tried to connect to my company VPN for the first time on my new MBP, I was unable to. Digging into logs on our router, I found macOS was ignoring the profile settings and sending these proposals:

IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_256
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

This is different from earlier versions, as my router was configured to only accept this:

IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384

The only recent OS changes I could find documented were the removal of some super-old and insecure protocols from tvOS and watchOS 17.

Is this a documented change related either to Sonoma or my architecture change?
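
Added example, not part of the original post: a small Python check that translates the profile's IKE SA parameters into the router's log notation and reports which fields the logged proposals never offer. The value-to-token mappings and the function names are assumptions made for this sketch; the PRF mapping follows the pairing the post itself shows between the profile and the router's accepted proposal.

```python
import plistlib

# Profile fragment from the post, wrapped in a plist root so it parses.
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>IKESecurityAssociationParameters</key>
<dict>
    <key>DiffieHellmanGroup</key><integer>20</integer>
    <key>EncryptionAlgorithm</key><string>AES-256-GCM</string>
    <key>IntegrityAlgorithm</key><string>SHA2-384</string>
    <key>LifeTimeInMinutes</key><integer>480</integer>
</dict>
</dict></plist>"""

# Proposals the router logged, copied from the post.
LOGGED = [
    "IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_256",
    "IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048",
    "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256",
    "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048",
]

# Assumed mapping from profile values to the router's log tokens.
DH = {14: "MODP_2048", 19: "ECP_256", 20: "ECP_384"}  # IANA IKEv2 group numbers
ENC = {"AES-256-GCM": "AES_GCM_16_256"}
PRF = {"SHA2-256": "PRF_HMAC_SHA2_256", "SHA2-384": "PRF_HMAC_SHA2_384"}

def expected_proposal(profile_bytes):
    """Translate the profile's IKE SA parameters into log-token form."""
    p = plistlib.loads(profile_bytes)["IKESecurityAssociationParameters"]
    return {"enc": ENC[p["EncryptionAlgorithm"]],
            "prf": PRF[p["IntegrityAlgorithm"]],
            "dh": DH[p["DiffieHellmanGroup"]]}

def parse_proposal(line):
    """Split 'IKE:enc[/integ]/prf/dh'; AEAD proposals carry no integ field."""
    parts = line.strip().removeprefix("IKE:").split("/")
    return {"enc": parts[0], "prf": parts[-2], "dh": parts[-1]}

def audit(profile_bytes, logged):
    """Return (exact match offered?, fields never offered with the profile's value)."""
    want = expected_proposal(profile_bytes)
    offers = [parse_proposal(line) for line in logged]
    missing = [f for f in want if all(o[f] != want[f] for o in offers)]
    return want in offers, missing

if __name__ == "__main__":
    print(audit(PROFILE, LOGGED))
```

Run against the data in the post, the encryption algorithm matches in two of the four proposals, while the PRF and the Diffie-Hellman group from the profile appear in none of them.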
