[Swan] lower keysizemin possible for libreswan

Frank frank at dio.demon.nl
Mon Jun 20 12:20:40 UTC 2016


Can the auth keysize minima be lowered?

the rightside ( Juniper SRX)  only supports these:
  hmac-md5-96          HMAC-MD5-96 authentication algorithm
  hmac-sha-256-128     HMAC-SHA-256-128 authentication algorithm
  hmac-sha-256-96      HMAC-SHA-256-96 authentication algorithm (non-RFC compliant)
  hmac-sha1-96         HMAC-SHA1-96 authentication algorithm

000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256

which are all higher than the keysizemin of the juniper.

I’m on centos7 with libreswan.x86_64 3.12-10.1.el7_1  , with backports by redhat.

How to make this work?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160620/fc5d1b70/attachment.html>

More information about the Swan mailing list