I recently got a new M3 MBP to replace my old Intel model, which also necessitated an upgrade to Sonoma from Ventura. My VPN configuration is via a mobile configuration profile that has worked fine for a while. It specifies the following P1 settings:
<key>IKESecurityAssociationParameters</key>
<dict>
    <key>DiffieHellmanGroup</key>
    <integer>20</integer>
    <key>EncryptionAlgorithm</key>
    <string>AES-256-GCM</string>
    <key>IntegrityAlgorithm</key>
    <string>SHA2-384</string>
    <key>LifeTimeInMinutes</key>
    <integer>480</integer>
</dict>
But when I tried to connect to my company VPN for the first time on my new MBP I was unable to. Digging into logs on our router, I found macOS was ignoring the profile settings and sending these proposals:
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_256
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
This is different from earlier versions, as my router was configured to only accept this:
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
The only recent OS changes I could find documented were the removal of some super-old and insecure protocols from tvOS and watchOS 17.
Is this a documented change related either to Sonoma or my architecture change?
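
As an added example that is not part of the original post: a short Python script that parses the proposal strings from the router log and shows, transform by transform, why none of them matches the one proposal the router accepts. The classification rules and function names are assumptions made for this illustration and cover only the tokens shown above; the DH group numbers are the IANA IKEv2 assignments.

```python
# Added example: compare the IKE proposals logged in the post with the
# single proposal the router accepts. Classification rules are assumptions
# that cover only the tokens appearing in those log lines.
DH_GROUPS = {14: "MODP_2048", 19: "ECP_256", 20: "ECP_384"}  # IANA IKEv2 numbers

OFFERED = [  # copied from the router log in the post
    "IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_256",
    "IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048",
    "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256",
    "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048",
]
ACCEPTED = "IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384"  # router setting in the post

def classify(token):
    """Map one proposal token to its IKEv2 transform type."""
    for prefix, kind in (("PRF_", "PRF"), ("ECP_", "DH"), ("MODP_", "DH"),
                         ("HMAC_", "INTEG"), ("AES_", "ENCR")):
        if token.startswith(prefix):
            return kind
    raise ValueError(f"unrecognised transform: {token}")

def parse_proposal(line):
    """Split 'IKE:a/b/c' into {transform type: token}."""
    _, _, body = line.strip().partition(":")
    return {classify(t): t for t in body.split("/")}

def diff(offered, accepted):
    """Transform types where the offer differs from the accepted proposal."""
    return {k: (offered.get(k), accepted.get(k))
            for k in sorted(set(offered) | set(accepted))
            if offered.get(k) != accepted.get(k)}

def diagnose(offered_lines, accepted_line):
    """Return (line, mismatches) per offer; empty mismatches means a match."""
    accepted = parse_proposal(accepted_line)
    return [(l, diff(parse_proposal(l), accepted)) for l in offered_lines]

def offers_group(offered_lines, group_number):
    """True if any offer carries the DH group number set in the profile."""
    name = DH_GROUPS[group_number]
    return any(parse_proposal(l).get("DH") == name for l in offered_lines)

if __name__ == "__main__":
    for line, mismatch in diagnose(OFFERED, ACCEPTED):
        print(line, "->", mismatch or "matches")
    print("profile DH group 20 offered:", offers_group(OFFERED, 20))
```

Every offer differs from the router's proposal in at least the PRF and the DH group, and the profile's group 20 (ECP_384) appears in none of them.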