[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Thu Jan 3 03:22:59 UTC 2019


New commits:
commit c96fe70995befc74cefe3a13aaf599b1592f69dc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 2 22:22:20 2019 -0500

    documentation: update CHANGES

commit 0d778556742ee03039cd78e5818db99bd7c12166
Author: wuwei29 <wuwei29 at baidu.com>
Date:   Wed Jan 2 22:11:46 2019 -0500

    IKEv1: Allow final message in Aggressive Mode to not be encrypted
    
    Fixes an interop issue with Volans gateway from Volans Technology, Inc.
    
    The relevant part of RFC 2409 Section 5 specifying this behaviour:
    
       Similarly, Aggressive Mode is an instantiation of the ISAKMP
       Aggressive Exchange. The first two messages negotiate policy,
       exchange Diffie-Hellman public values and ancillary data necessary
       for the exchange, and identities.  In addition the second message
       authenticates the responder. The third message authenticates the
       initiator and provides a proof of participation in the exchange. The
       XCHG for Aggressive Mode is ISAKMP Aggressive.  The final message MAY
       NOT be sent under protection of the ISAKMP SA allowing each party to
       postpone exponentiation, if desired, until negotiation of this
       exchange is complete. The graphic depictions of Aggressive Mode show
       the final payload in the clear; it need not be.
    
    Note the "MAY NOT be sent under protection" really means "MAY be sent not
    under protection of".
    
    Before this patch, hosts that implemented the MAY would be rejected by
    libreswan with "packet rejected: should have been encrypted".
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>
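
The rule the commit message describes, as an added example (not libreswan's code and not part of this commit): a check that accepts the third Aggressive Mode message with or without the ISAKMP Encryption flag while still requiring encryption after phase 1. The enum names, `build_hdr` and `check_encryption` are hypothetical; the header offsets, exchange type 4 and the flag bit follow RFC 2408.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ISAKMP_HDR_LEN      28    /* fixed header, RFC 2408 section 3.1 */
#define ISAKMP_XCHG_AGGR    4     /* Aggressive exchange type */
#define ISAKMP_FLAG_ENCRYPT 0x01  /* Encryption bit of the flags octet */
/* Hypothetical names, chosen for this example only. */
enum expected_msg { AGGR_MSG1 = 1, AGGR_MSG2, AGGR_MSG3, AFTER_PHASE1 };
enum verdict { ACCEPT, REJECT_INVALID, REJECT_SHOULD_BE_ENCRYPTED };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Constructed header-only packet; only the fields the check reads are set. */
void build_hdr(uint8_t out[ISAKMP_HDR_LEN], uint8_t xchg, uint8_t flags, uint32_t msgid)
{
    memset(out, 0, ISAKMP_HDR_LEN);
    out[18] = xchg; out[19] = flags;
    for (int i = 0; i < 4; i++) out[20 + i] = (uint8_t)(msgid >> (24 - 8 * i));
    out[27] = ISAKMP_HDR_LEN;     /* length field, big-endian */
}

/* Decide from the header alone; payload authentication is a separate step. */
enum verdict check_encryption(const uint8_t *pkt, size_t len, enum expected_msg expected)
{
    if (pkt == NULL || len < ISAKMP_HDR_LEN ||
        be32(pkt + 24) < ISAKMP_HDR_LEN || be32(pkt + 24) > len)
        return REJECT_INVALID;
    int encrypted = (pkt[19] & ISAKMP_FLAG_ENCRYPT) != 0;
    int phase1_aggr = pkt[18] == ISAKMP_XCHG_AGGR && be32(pkt + 20) == 0;
    switch (expected) {
    case AGGR_MSG1:
    case AGGR_MSG2:   /* no keys exist yet: Aggressive and in the clear */
        return (phase1_aggr && !encrypted) ? ACCEPT : REJECT_INVALID;
    case AGGR_MSG3:   /* RFC 2409 section 5: either form is acceptable */
        return phase1_aggr ? ACCEPT : REJECT_INVALID;
    default:          /* the relaxation stops here: ISAKMP SA required */
        return encrypted ? ACCEPT : REJECT_SHOULD_BE_ENCRYPTED;
    }
}

int main(void)
{
    uint8_t p[ISAKMP_HDR_LEN];
    build_hdr(p, ISAKMP_XCHG_AGGR, 0, 0);   /* cleartext third message */
    return check_encryption(p, sizeof p, AGGR_MSG3) == ACCEPT ? 0 : 1;
}
```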
