[Swan] Libreswan 3.3.0 breakage

John Crisp jcrisp at safeandsoundit.co.uk
Mon Feb 17 17:02:01 UTC 2020

Hi Paul, and thanks for responding.

On 17/02/20 17:38, Paul Wouters wrote:
> On Mon, 17 Feb 2020, John Crisp wrote:
>> No acceptable ECDSA/RSA-PSS ASN.1 signature hash proposal included for
>> rsasig in I2 Auth Payload
> Does the other end run strongswan? It is not handling RSA-PSS properly
> as per RFC. If you were using the libreswan default of authba=yrsasig, you
> can try changing it to authby=rsa-sha1 to disable all RC 7427 support.

Linux strongSwan U5.3.5/K4.4.145.e3.1

Look like it :-(

However, I was using authby=rsasig already which *was* working.

>> responding to Main Mode from unknown peer
>> OAKLEY_GROUP 2 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
> If you _really_ want you can enable it at compile time with USE_DH2=true

Ain't going to happen :-( Easier just to use 3.29 (and there is the nub
of the problem)

> But everything that supports DH2 also supports DH5. We are pretty sure
> nationstates can successfully attack DH2. You really cannot expect to
> use crypto parameters that were already not the most secure TWENTY years
> ago to still keep working unmodified.

Someone ought to tell Google to fix their crappy phone system then ;-)
That is an Android v10 ipsec l2tpd connection....

Why on earth don't they do something? Or have the nation states asked
them not too?

(we are using ipsec/l2tpd for mobile remote access - as opposed to
network-network tunnels - because it is on most devices by default and
can be easily linked to the local user for allowing access and IP
allocation etc - IKE v2 doesn't handle Pam Authent as far as I can see.....)

>> There is one drawback in increasing security levels. If people can't
>> make it work, they'll just stick to the older insecure versions.
>> And that helps no one really.
>> So the question is how can I make my existing stuff work, or do I just
>> have to revert to 3.29 ?
> See above. But you should _really_ update your clients to at least DH5.

It's difficult when you have virtually zero control over some client
software and are powerless to change it no matter how much you want to.

We need Libreswan on all devices.....

To think I am still trying to shift people off pptp.... :-(

B. Rgds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200217/771fdbac/attachment.sig>

More information about the Swan mailing list