[Swan] Libreswan 3.3.0 breakage

Paul Wouters paul at nohats.ca
Mon Feb 17 16:38:29 UTC 2020

On Mon, 17 Feb 2020, John Crisp wrote:

> No acceptable ECDSA/RSA-PSS ASN.1 signature hash proposal included for
> rsasig in I2 Auth Payload

Does the other end run strongswan? It is not handling RSA-PSS properly
as per RFC. If you were using the libreswan default of authby=rsasig, you
can try changing it to authby=rsa-sha1 to disable all RFC 7427 support.

> responding to Main Mode from unknown peer

If you _really_ want you can enable it at compile time with USE_DH2=true

But everything that supports DH2 also supports DH5. We are pretty sure
nationstates can successfully attack DH2. You really cannot expect to
use crypto parameters that were already not the most secure TWENTY years
ago to still keep working unmodified.

> There is one drawback in increasing security levels. If people can't
> make it work, they'll just stick to the older insecure versions.
> And that helps no one really.
> So the question is how can I make my existing stuff work, or do I just
> have to revert to 3.29 ?

See above. But you should _really_ update your clients to at least DH5.
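As an added illustration (not part of the original reply), the two changes discussed above written as ipsec.conf conn settings: the weak legacy proposal that needs a USE_DH2=true build beside the corrected one using DH5 and the RFC 7427 opt-out. The conn name and the AES/SHA-2 choices are constructed for the example; modp1024 is DH group 2 and modp1536 is DH group 5.

```conf
# Weak: DH group 2 (modp1024). In 3.30 this only negotiates if libreswan
# was built with USE_DH2=true, and the thread's advice is not to do this.
conn legacy-peer-weak
    authby=rsasig                 # default; offers RFC 7427 RSA-PSS hashes
    ike=aes128-sha1;modp1024      # DH2, the group the peer is proposing

# Corrected: DH group 5 (modp1536) plus authby=rsa-sha1, which disables all
# RFC 7427 signature-hash negotiation for peers that do not handle RSA-PSS.
conn legacy-peer-fixed
    authby=rsa-sha1               # classic RSA signature auth only
    ike=aes256-sha2_256;modp1536  # DH5, which every DH2-capable client also has
```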

