[Swan-dev] Algorithm parser filtering unsupported algorithms
andrew.cagney at gmail.com
Thu Aug 24 19:07:08 UTC 2017
On 22 August 2017 at 11:29, Paul Wouters <paul at nohats.ca> wrote:
> Merging them into one seems the best. If there is no different structs
> behind them
Done, and much dead code removed ...
> IKE algorithms wanted: AES_CBC-HMAC_SHA1-MODP2048
> IKE algorithms found: AES_CBC_128-HMAC_SHA1-MODP2048
here, after some flip flopping I went with the former vis:
so it matches what the user entered; and doesn't, I think misleadingly,
show just the default key length when it is the MAX key length that will
likely be accepted.
> - for esp/ah the only difference is the addition of PFS in the first
> line (if at all):
> ESP algorithms wanted: AES(12)_128-SHA2_512(7); pfsgroup=MODP2048(14)
> ESP algorithms loaded: AES(12)_128-SHA2_512(7)
> I suspect, on both cases, the two lines can be merged into one?
and here, so that the output can be fed back into the parser, it was
In the case of IKEv2, the other thing that might be interesting is a dump
of the raw proposal; but that is already is sent to pluto log. Later.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan-dev