[Swan] OSX Good, Win10 Good, now Win7
Mr. Jan Walter
hopping_hol at yahoo.com
Fri Feb 1 00:51:18 UTC 2019
Aware of the case, just not the esp line needed. I doubt they'll fix it unless enterprise customers really make a stink. And they tend to use the Cisco client with problems of its own.
Works now. Thanks again!
On Thursday, January 31, 2019, 6:36:56 PM EST, Paul Wouters <paul at nohats.ca> wrote:
On Thu, 31 Jan 2019, Mr. Jan Walter wrote:
> That's in the config already. Other ideas?
ike=aes256-sha2_512;modp2048,aes128-sha2_512;modp2048,aes256-sha2;modp1024,aes128-sha1;modp1024
esp=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes128-sha2_512,aes256-sha2_256,aes128-sha2_256,aes128-sha1,aes256-sha1
That adds the weak modp groups that windows mistakenly uses on rekey.
Note for your reference, we reported IKEv2 only using weak groups in
October 2016, and got assigned Microsoft MSRC Case: 35732. We found out
about the rekey using the bad group in Feb 2018 and notified using the
same case number.
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190201/63f72574/attachment.html>
More information about the Swan
mailing list