[Swan-dev] esp/ah proposal sets not working properly
Paul Wouters
paul at nohats.ca
Thu Oct 8 02:52:51 UTC 2015
On Wed, 20 May 2015, Wolfgang Nothdurft wrote:
[ going through old email ]
> Subject: [Swan-dev] esp/ah proposal sets not working properly
>
> I opened a ticket and added a patch:
>
> https://bugs.libreswan.org/show_bug.cgi?id=228
I see. I checked the regular case of different order algos, and that
works. I did not test with a version with less ESP support (eg KLIPS
without sha256). You are probably right and we should fix this.
> Are there any plans to use stronger proposals in the default set?
>
> Because than there will be another problem with old versions (see ticket)
Yes, but only for IKEv2.
I'd say let's pick this up when we do the work on esp=chacha20-poly1305
and we see kernels that do and do not support that algorithm.
Especially, because some people will have a strong preference for this
non-NIST cipher and probably add it first to the proposal list.
Paul
More information about the Swan-dev
mailing list