[Swan-dev] IKEv2 default policy
Andrew Cagney
andrew.cagney at gmail.com
Thu Jan 22 04:24:10 EET 2015
Hi,
I'm just brute-forcing a split of IKEv1 and IKEv2 policies (what
algorithms get offered / accepted by default) so that I can add:

    AES_GCM_16_256 + SHA2_256
    AES_GCM_16_128 + SHA2_256
    AES_GCM_16_256 + SHA1
    AES_GCM_16_128 + SHA1

to the IKEv2 side. Others? CAMELLIA_CBC+...? AES_CBC+SHA2?

Looking through the existing proposals, some seem flimsy. For instance, should:

    static struct db_trans oakley_trans_pskrsasig_xauthc[] = {
        { AD_TR(KEY_IKE, otrsasig1536des3md5_xauthc) },
        { AD_TR(KEY_IKE, otpsk1536des3md5_xauthc) },

which seems weaker than my tea, be removed from IKEv2?

Andrew