[strongSwan-dev] why DH group NEWHOPE_128 inacceptable ?
Noel Kuntze
noel at familie-kuntze.de
Fri Oct 21 14:52:31 CEST 2016
On 21.10.2016 13:58, Trump DD wrote:
> 02[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
That's normal. With a certain IKE version (don't remember which),
the DH-Group only is important when rekeying, because the initial setup of
a CHILD_SA doesn't include a DH exchange, it is only done when rekeying
the CHILD_SA.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20161021/bad4c6b4/attachment.sig>
More information about the Dev
mailing list