[Swan-dev] pluto crashes with signal 11 when ike=des

Paul Wouters paul at nohats.ca
Tue Jul 8 18:35:32 EEST 2014


On Tue, 8 Jul 2014, Ben Lentz wrote:

> I apologize if this is the wrong place to post to receive help for an
> issue like this.

Not at all.

> I am trying to connect to an IPSEC gateway that requires single DES

That is not allowed with openswan or libreswan. It takes a modern quad
core minutes up to hours to crack that. It's not a VPN. Don't give
yourself a false sense of security!

> but I find that when I specify ike=des, the pluto process crashes and
> drops core.

This was fixed in:

commit 2d0a4be2968457d58954b79b6496927cb7f157d0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 15 15:44:01 2014 -0400

     pluto: don't die when the only loaded proposal is completely invalid

It will be part of libreswan-3.9. I'll see if I can put this into
openswan-2.6.32-32 for RHEL-6.6 as well.

But it is not your real problem. Your real problem is trying to use
1DES. The only valid answer is: don't.

Paul
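
A configuration audit in the spirit of the advice above, as an added example that is not part of the original message or of the libreswan code base: it scans ipsec.conf text for ike=, esp= or phase2alg= proposals whose cipher is single DES. The function name and the sample configuration are constructed for illustration, and the parser assumes the usual comma-separated proposal syntax.

```python
import re

# Keywords that carry algorithm proposals in ipsec.conf conn sections.
PROPOSAL_KEYS = {"ike", "esp", "phase2alg"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn legacy-gw
    ike=des            # single DES, as in the report
    esp=3des-sha1

conn mixed
    ike=aes256-sha1;modp2048,des-md5;modp1024
    esp=aes128-sha1

conn ok
    ike=3des-sha1
"""

def find_single_des(conf_text):
    """Return (conn, line_no, key, proposal) for each single-DES proposal."""
    findings = []
    conn = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        header = re.match(r"^(conn|config)\s+(\S+)", line)
        if header:                                # new section starts
            conn = header.group(2) if header.group(1) == "conn" else None
            continue
        key, sep, value = line.strip().partition("=")
        key = key.strip().lower()
        if not sep or key not in PROPOSAL_KEYS:
            continue
        # Strip optional quotes and the trailing "!" strict marker.
        for proposal in value.strip().strip('"').rstrip("!").split(","):
            proposal = proposal.strip()
            cipher = re.split(r"[-;]", proposal, maxsplit=1)[0].lower()
            if cipher == "des":                   # "3des" does not match
                findings.append((conn, line_no, key, proposal))
    return findings

if __name__ == "__main__":
    for conn, line_no, key, proposal in find_single_des(SAMPLE_CONF):
        print(f"line {line_no}: conn {conn}: {key} proposes single DES ({proposal})")
```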

