upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-21 23:08:53 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch '4421-deprecate-AES-based-DNS-cookies-9.16' into 'bind-9.16'

Browse source 
[9.16] Deprecate AES algorithm for DNS cookies

See merge request isc-projects/bind9!8487
This commit is contained in:
Tom Krizek 2023-12-05 12:35:39 +00:00
commit ec0a756f6c
3 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -1,3 +1,5 @@
6282. [func] Deprecate AES-based DNS cookies. [GL #4421]
--- 9.16.45 released ---
6269. [maint] B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and

3
doc/notes/notes-current.rst
View file

@ -25,7 +25,8 @@ New Features
Removed Features
~~~~~~~~~~~~~~~~
- None.
- The support for AES algorithm for DNS cookies has been deprecated.
:gl:`#4421`
Feature Changes
~~~~~~~~~~~~~~~

4
lib/bind9/check.c
View file

@ -1457,6 +1457,10 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
(void)cfg_map_get(options, "cookie-algorithm", &obj);
if (obj != NULL) {
ccalg = cfg_obj_asstring(obj);
if (strcasecmp(ccalg, "aes") == 0) {
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"cookie-algorithm 'aes' is deprecated");
}
}
obj = NULL;