[Swan-dev] new test failures
Andrew Cagney
andrew.cagney at gmail.com
Wed Feb 13 18:24:06 UTC 2019
On Wed, 13 Feb 2019 at 10:16, Paul Wouters <paul at nohats.ca> wrote:
>
> On Wed, 13 Feb 2019, D. Hugh Redelmeier wrote:
>
> > I ran the tests last evening. The new failures look simple to fix.
> >
> > I include a diff of the summary from the previous run
> > (summary produced by "testing/utils/kvmresults.py testing/pluto/").
>
> I'm going to ignore the changes due to andrew's algorithm changes from
> the last few days, assuming those will be updated.
It would be from more algorithms being added to defaults. But there's
another change I think needs to follow. Namely changing the way IKE
proposals are formatted. Namely remove the smart that suppresses
<integ>, so that what was:
<encrypt>-<prf>-<dh>
AES_CBC-HMAC_SHA1-DH31
AES_GCM_16-HMAC_SHA1-DH31
becomes the longer:
<encrypts>-<prfs>-<integs>-<dhs>
AES_CBC-HMAC_SHA1-HMAC_SHA1_96-DH31
AES_GCM_16-HMAC_SHA1-NONE-DH31
thoughts?
>
> Ah few cases got their default key size to go from 128 to 256? Probably
> as a result of the proposal parser changes? I'm fine with that. Let uses
> go back to 128 key manually if they really want to do that.
I'll look at this. It wasn't expected. IKE proposals should prefer
256 while ESP proposals should prefer 128.
More information about the Swan-dev
mailing list