[Swan-commit] Changes to ref refs/heads/master
paul at vault.libreswan.fi
Mon Mar 2 02:47:56 UTC 2020
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 1 21:46:17 2020 -0500
IKEv2: Set keyingtries to 1 for Opportunistic Encryption connections.
We cannot have unlimited keyingtries for Opportunistic, or else we gain
infinite partial IKE SA's. But also, more than one makes no sense, since
it will be installing a failureshunt (not negotiationshunt) on the 2nd
keyingtry, and try to re-install another negotationshunt, ad nauseam.
More information about the Swan-commit