[strongSwan-dev] Tunnel establishes with empty ("") PSK value

Andreas Steffen andreas.steffen at strongswan.org
Thu Aug 9 15:20:50 CEST 2018


Hi Pavan,

strongSwan does not check the security strength of the PSK used. Thus
an empty PSK explicitly set in ipsec.secrets is admissible. The traffic
still gets encrypted, though.

Regards

Andreas

On 09.08.2018 15:14, Pavan Maganti wrote:
> Hi,
> 
> I am able to establsih IKEv2 tunnel with empty ("") PSK value used in
> ipsec.secrets file on both peers. Is this expected? Please clarify.
> 
> Regards,
> Pavan M

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2945 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20180809/e438e770/attachment.bin>


More information about the Dev mailing list