[Swan-dev] new test failures
paul at nohats.ca
Wed Feb 13 19:46:37 UTC 2019
On Wed, 13 Feb 2019, Andrew Cagney wrote:
> So looking at the parser, officially, for IKE, it expected:
> but, unofficially, it could also parse (I don't think this was documented?):
> if we reverse things vis:
> then proposals like:
> all still work fine - prf can be painfully derived from integ, but:
> would break; force aes_gcm-none-sha1, or require some heuristic to
> figure out <integ> should be skipped.
Sure, so I guess encr-prf[-integ]-dh it is. I mean prf should be integ
in all non-aead cases anyway. At least, we used to only support those
and I wouldn't mind to keep it that way. I dont think we ever tested
prf != integ on non-AEAD. So be careful allowing that now without a
bunch of a new tests.
so what happens now with ike=aes-sha2-sha2-dh14 ?
More information about the Swan-dev