[Swan-dev] why, in ah-pluto-01, does libreswan emit an ESP proposal
Paul Wouters
paul at nohats.ca
Fri Oct 5 01:37:07 UTC 2018
On Thu, 4 Oct 2018, Andrew Cagney wrote:
> It turns out that, when phase2=ah (i.e., POLICY_AUTHENTICATE), IKEv1's
> defaults, since before the start of time have been:
>
> static struct db_prop_conj ah_props[] = {
> { AD(ah_pc) },
> #ifdef SUPPORT_ESP_NULL
> { AD(espnull_pc) }
> #endif
> };
I see it goes back to before 2.0.0 (but after freeswan-2.0.6)
I guess it is cute to propose both so it could work in a migration can of
way to phase out AH for ESP-NULL, but I guess we're long past that point.
> Should the second line be dropped?
Yes.
Paul
More information about the Swan-dev
mailing list