[Swan] How to specify length of "nonce" in phase 1 ?
Paul Wouters
paul at nohats.ca
Mon Sep 21 18:51:19 UTC 2015
On Mon, 21 Sep 2015, Hoa Chen wrote:
> On Solaris, there is "p1_nonce_len" to specify length of "nonce" in phase 1.
>
> But I cannot find corresponding parameter in libreswan. Do you know that ?
The nonce size depends on the DiffieHellman group used. For phase1 you
specify the group as modp values, eg:
ike=aes=sha1;modp2048
ike=aes=sha1;modp1536
ike=aes=sha1;modp1024
Paul
More information about the Swan
mailing list