[Swan-dev] DH group naming
Andrew Cagney
andrew.cagney at gmail.com
Fri Jun 23 00:36:03 UTC 2017
On 22 June 2017 at 19:04, Oleg Rosowiecki <orosowiecki at gmail.com> wrote:
> Speaking of the algorithm rename... Is there any reason behind accepting
> only the value of "dh21" for ike= and allowing only "ecp_521" for phase2alg?

I didn't know about that quirk - the recent changes have been unifying
the lookup while largely ignoring the parser. The final round will be
merged post 3.21.

A quick test shows the current code behaves as follows:

ike:
  [ aes-sha1;dh21] OK: AES_CBC(7)_000-SHA1(2)-ECP_521(21)

esp:
  [ aes-sha1;dh21] OK: AES(12)_000-SHA1(2); pfsgroup=ECP_521(21)

but:

ike/esp:
  [ aes-sha1;ecp_521] ERROR: Non alphanum char found after in modp string, just after "aes-sha1;ecp" (state=ST_AK)
  [ aes-sha1;ecp_521] ERROR: Non alphanum char found after in modp string, just after "aes-sha1;ecp" (state=ST_AK)

so things are at least consistent (and dh21 is the preferred name).

I'll tweak the parser.