cloudstack

History

Abhisar Sinha 002d9768b2 Add settings to mark cryptographic algorithms in vpn customer gateways as excluded or obsolete (#12193 ) This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN. Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments. These settings are: 1. vpn.customer.gateway.excluded.encryption.algorithms 2. vpn.customer.gateway.excluded.hashing.algorithms 3. vpn.customer.gateway.excluded.ike.versions 4. vpn.customer.gateway.excluded.dh.group 5. vpn.customer.gateway.obsolete.encryption.algorithms 6. vpn.customer.gateway.obsolete.hashing.algorithms 7. vpn.customer.gateway.obsolete.ike.versions 8. vpn.customer.gateway.obsolete.dh.group	2026-01-19 13:18:37 +05:30
..
src	Add settings to mark cryptographic algorithms in vpn customer gateways as excluded or obsolete (#12193 )	2026-01-19 13:18:37 +05:30
pom.xml	Updating pom.xml version numbers for release 4.23.0.0-SNAPSHOT	2025-11-05 16:54:39 +05:30

Add settings to mark cryptographic algorithms in vpn customer gateways as excluded or obsolete (#12193 )

This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.

Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.

These settings are:

1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group

2026-01-19 13:18:37 +05:30

src

Add settings to mark cryptographic algorithms in vpn customer gateways as excluded or obsolete (#12193 )

2026-01-19 13:18:37 +05:30

pom.xml

Updating pom.xml version numbers for release 4.23.0.0-SNAPSHOT

2025-11-05 16:54:39 +05:30