[Swan-dev] new test failures

Paul Wouters paul at nohats.ca
Wed Feb 13 18:44:35 UTC 2019

On Wed, 13 Feb 2019, Andrew Cagney wrote:

> It would be from more algorithms being added to defaults.  But there's
> another change I think needs to follow.  Namely changing the way IKE
> proposals are formatted.  Namely remove the smart that suppresses
> <integ>, so that what was:
>  <encrypt>-<prf>-<dh>

That is really encrypt-integ-dh right?
We don't specify/print the prf until now because we assume integ == prf
except for AEAD.

> becomes the longer:
>  <encrypts>-<prfs>-<integs>-<dhs>
> thoughts?

I'd prefer encr-integ-prf-dh maybe ? I don't know.

> I'll look at this.  It wasn't expected.  IKE proposals should prefer
> 256 while ESP proposals should prefer 128.



More information about the Swan-dev mailing list