[Swan] BAD_PROPOSAL_SYNTAX, PAYLOAD_MALFORMED, KEY_LENGTH attribute
Paul Wouters
paul at nohats.ca
Thu Apr 9 18:46:12 EEST 2015
On Thu, 9 Apr 2015, Wolfgang Nothdurft wrote:
> you can fix this setting phase2alg on the initiator (end1).
>
> @Paul: it seems this was forgotten
>
> https://lists.libreswan.org/pipermail/swan/2014/000899.html
It was not forgotten, but what should we do in that case? It violates
the RFC. Should we assume 128 or 256? Only 128 is mandatory to
implement. I'm still torn. It would be nice to interop with the
old versions, but we have no good idea to know which key size they
mean when specifying none.
I've added a FAQ on it:
https://libreswan.org/wiki/FAQ#.22IPsec_encryption_transform_did_not_specify_required_KEY_LENGTH.22
Paul
More information about the Swan
mailing list