[strongSwan] Azure child rekeying loop

Andrei-Florian Staicu andrei.staicu at gmail.com
Mon Feb 20 12:12:19 CET 2017


Just tried it with
  ike=aes256-sha1-modp2048!
  esp=aes256-sha1-modp2048!
And got
received NO_PROPOSAL_CHOSEN notify error
So yeah, either they configured crap, or Microsoft magic.
(sorry for the rant)

On Mon, Feb 20, 2017 at 12:29 PM Noel Kuntze <noel at familie-kuntze.de> wrote:

> That doesn't really make sense, because modp2048 seems to work when
> rekeying a CHILD_SA,
> so the remote peer has to be able to use that group also when establishing
> an IKE_SA.
> Do you mean, the ones that implemented it just configured crap?
>
> On 20.02.2017 11:28, Andrei-Florian Staicu wrote:
> > I really can't, I'm just a tenant there and the ones that implemented it are idiots.
> >
> >
> > On Mon, Feb 20, 2017, 12:19 Noel Kuntze <noel at familie-kuntze.de> wrote:
> >
> >     On 20.02.2017 11:18, Andrei-Florian Staicu wrote:
> >     >   ike=aes256-sha1-modp1024!
> >
> >     That DH group is broken in regards to security. Please use a stronger one.
> >
> >     --
> >
> >     Mit freundlichen Grüßen/Kind Regards,
> >     Noel Kuntze
> >
> >     GPG Key ID: 0x63EC6658
> >     Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> >
> > --
> > Beware of programmers who carry screwdrivers.
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
> --
Beware of programmers who carry screwdrivers.