On Mon, 12 Dec 2016, Andrew Cagney wrote: > Good point. It looks like: > > - we can negotiate IKE "twofish_ssh" > - but we use "twofish_cbc" as the encryption > > so I guess it was never fully implemented. > > Time to delete? I'd leave it as-is, mostly to keep the IKEv1 stack as unchanged as possible. Paul