[Swan-dev] What if ike=aes_gcm_a128-null; modp2048 matches nothing?
Andrew Cagney
andrew.cagney at gmail.com
Mon Jan 5 18:12:39 EET 2015
I'm trying to get pluto to negotiate ike=aes_gcm_a128-null;modp2048
with a remote end.
One unexpected behaviour I've encountered is that when
oakley_alg_makedb() returns nothing - in my case it silently(1)
rejected the null integrity algorithm - leading pluto to instead
select AES_CBC. I suspect pluto should have instead aborted the
connection.
Ignoring my immediate bug, what should the correct behaviour be?
Andrew
(1) As in nothing appeared in the console output during the
connection, and the --status just "hints" at something being amiss.
The debug output was slightly more helpful :-)
More information about the Swan-dev
mailing list