[Swan] IPsec encryption transform did not specify required KEY_LENGTH attribute

Paul paul at nohats.ca
Fri Sep 19 17:36:36 EEST 2014


We could change it so no key length means 128, the only mandatory-to-implement key size...

I noticed that openswan did add 128 for esp but not for ike. Can you tell me which of the two, or both, are affected by this?

Sent from my iPhone

> On Sep 19, 2014, at 4:12, Wolfgang Nothdurft <wolfgang at linogate.de> wrote:
> 
> Is the behaviour after commit 68c25611eed93edd459e38deadf01916ab983115 (https://lists.libreswan.org/pipermail/swan-commit/2014-May/001275.html) intended?
> 
> This breaks connectivity with old implementations like openswan 2.4, which don't have a specific phase2alg configured.
> 
> We also have a customer with old vigor routers that show this problem and it seems that you can do nothing on the vigor site to change this behavior.
> 
> Both send AES_000-HMAC_SHA1 and can't connect because of the required keylength attribute.
> 
> Log:
> IPsec encryption transform did not specify required KEY_LENGTH attribute
> sending encrypted notification BAD_PROPOSAL_SYNTAX to 10.0.12.2:500
> 
> Wolfgang
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
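
An added example, not part of the original thread and not libreswan's code: the two behaviours discussed above (reject an ESP AES transform that lacks KEY_LENGTH, or treat the missing attribute as 128) applied to the ISAKMP attribute list of one Phase 2 transform. The function name `esp_aes_keylen`, the `keylen_policy` switch and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* IPsec DOI numbers: ESP_AES transform ID (RFC 3602), Key Length attribute (RFC 2407). */
enum { ESP_AES = 12, ATTR_KEY_LENGTH = 6 };
/* Hypothetical policy switch: reject a missing KEY_LENGTH, or assume 128 bits. */
enum keylen_policy { KEYLEN_STRICT, KEYLEN_DEFAULT_128 };

/* Constructed sample: tunnel mode + HMAC-SHA1, no KEY_LENGTH ("AES_000-HMAC_SHA1"). */
const uint8_t no_keylen[] = { 0x80, 0x04, 0x00, 0x01, 0x80, 0x05, 0x00, 0x02 };
/* Constructed sample: the same attributes followed by KEY_LENGTH = 128. */
const uint8_t with_keylen[] = { 0x80, 0x04, 0x00, 0x01, 0x80, 0x05, 0x00, 0x02,
                                0x80, 0x06, 0x00, 0x80 };

/*
 * Walk the data attributes (RFC 2408 section 3.3) of one ESP transform.
 * Returns the AES key length in bits, or -1 when the proposal has to be
 * refused: malformed attributes, an invalid size, or no KEY_LENGTH under
 * KEYLEN_STRICT.
 */
int esp_aes_keylen(uint8_t transform_id, const uint8_t *attrs, size_t len,
                   enum keylen_policy policy)
{
    int keylen = -1;                      /* -1 = attribute not seen */
    size_t off = 0;

    if (transform_id != ESP_AES)
        return -1;                        /* this sketch only handles AES */
    while (off < len) {
        if (len - off < 4)
            return -1;                    /* truncated attribute header */
        uint16_t type = (uint16_t)(attrs[off] << 8 | attrs[off + 1]);
        uint16_t val  = (uint16_t)(attrs[off + 2] << 8 | attrs[off + 3]);
        off += 4;
        if (type & 0x8000) {              /* AF=1: fixed form, val is the value */
            if ((type & 0x7fff) == ATTR_KEY_LENGTH)
                keylen = val;
        } else {                          /* AF=0: val is a length, skip the body */
            if (val > len - off)
                return -1;                /* body runs past the buffer */
            off += val;
        }
    }
    if (keylen < 0)                       /* peer sent no KEY_LENGTH at all */
        return policy == KEYLEN_DEFAULT_128 ? 128 : -1;
    if (keylen != 128 && keylen != 192 && keylen != 256)
        return -1;                        /* explicit but not an AES key size */
    return keylen;
}
```

With `KEYLEN_STRICT` the first sample is refused, which corresponds to the BAD_PROPOSAL_SYNTAX case in the log above; with `KEYLEN_DEFAULT_128` the same bytes yield 128, while an explicit but invalid length is still rejected under either policy.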

