[yadifa-users] HMAC-SHA256 TSIG's?

Anand Buddhdev anandb at ripe.net
Mon Aug 10 11:52:37 CEST 2015


On 10/08/15 11:40, Leo Vandewoestijne wrote:

> Hi,
> 
> I wish to do IXFR's having Yadifa as a secondairy, and a primary that has a HMAC-SHA256 TSIG.
> However, Yadifa doesn't seem to support that algorithm (unless it was added in 2.1.1),
> while it was suggested (starting in 2008) to deprecate MD5:
> https://tools.ietf.org/html/draft-dupont-dnsext-tsig-md5-deprecated-00
> 
> Could you please expand supported TSIG algorithms?

Hi Leo,

The manual for version 2.1.0 says that yadifa supports the following
TSIG algorithms:

hmac-md5
hmac-sha1
hmac-sha224
hmac-sha256
hmac-sha384
hmac-sha512

The change log in the README file doesn't actually say anything about
adding support for newer hash algorithms, so I infer that all these hash
algorithms have been there from the very first version.

Regards,
Anand


More information about the yadifa-users mailing list