[Swan] BAD_PROPOSAL_SYNTAX, PAYLOAD_MALFORMED, KEY_LENGTH attribute

Paul Wouters paul at nohats.ca
Thu Apr 9 18:46:12 EEST 2015


On Thu, 9 Apr 2015, Wolfgang Nothdurft wrote:

> you can fix this setting phase2alg on the initiator (end1).
>
> @Paul: it seems this was forgotten
>
> https://lists.libreswan.org/pipermail/swan/2014/000899.html

It was not forgotten, but what should we do in that case? It violates
the RFC. Should we assume 128 or 256? Only 128 is mandatory to
implement. I'm still torn. It would be nice to interop with the
old versions, but we have no good idea to know which key size they
mean when specifying none.

I've added a FAQ on it:

https://libreswan.org/wiki/FAQ#.22IPsec_encryption_transform_did_not_specify_required_KEY_LENGTH.22

Paul

