[Swan-dev] defaults for ike= and esp= need updating?

[Paul Wouters]

On Tue, 13 Dec 2016, Tuomo Soini wrote:

> Sorry. We can't drop modp1024 from default ikev1 proposals before
> windows fixes their algo support to include modp2048.

It already needs to be dropped when in FIPS mode.  I'm happy for people
to need to specify modp1024 using an ike= line if they still need that
today. We will put a big warning in the announcement and changelog.

Paul