[Swan-dev] new test failures
Paul Wouters
paul at nohats.ca
Wed Feb 13 18:44:35 UTC 2019
On Wed, 13 Feb 2019, Andrew Cagney wrote:
> It would be from more algorithms being added to defaults. But there's
> another change I think needs to follow. Namely changing the way IKE
> proposals are formatted. Namely remove the smart that suppresses
> <integ>, so that what was:
>
> <encrypt>-<prf>-<dh>
> AES_CBC-HMAC_SHA1-DH31
> AES_GCM_16-HMAC_SHA1-DH31
That is really encrypt-integ-dh right?
We don't specify/print the prf until now because we assume integ == prf
except for AEAD.
> becomes the longer:
>
> <encrypts>-<prfs>-<integs>-<dhs>
> AES_CBC-HMAC_SHA1-HMAC_SHA1_96-DH31
> AES_GCM_16-HMAC_SHA1-NONE-DH31
>
> thoughts?
I'd prefer encr-integ-prf-dh maybe ? I don't know.
> I'll look at this. It wasn't expected. IKE proposals should prefer
> 256 while ESP proposals should prefer 128.
Ok,
Paul
More information about the Swan-dev
mailing list