[Swan] lower keysizemin possible for libreswan
Frank
frank at dio.demon.nl
Mon Jun 20 12:20:40 UTC 2016
Hi,
Can the auth keysize minima be lowered?
the rightside ( Juniper SRX) only supports these:
hmac-md5-96 HMAC-MD5-96 authentication algorithm
hmac-sha-256-128 HMAC-SHA-256-128 authentication algorithm
hmac-sha-256-96 HMAC-SHA-256-96 authentication algorithm (non-RFC compliant)
hmac-sha1-96 HMAC-SHA1-96 authentication algorithm
libreswan:
000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
which are all higher than the keysizemin of the juniper.
I’m on centos7 with libreswan.x86_64 3.12-10.1.el7_1 , with backports by redhat.
How to make this work?
Rgds,
Frank.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160620/fc5d1b70/attachment.html>
More information about the Swan
mailing list