[strongSwan] many cipher/hash modes seems to be unavailable

Christoph Anton Mitterer calestyo at scientia.net
Sun Oct 3 13:43:35 CEST 2010

On Sun, 03 Oct 2010 13:30:11 +0200, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
>> And isn't it overkill to an authenticating and encrypting cipher,
>> I thought authentication would (in addition) be already gained by the
>> e.g.
>> sha1 part?
> In the statement
> ike = aes256gcm128-sha512-modp2048

Ah... and what about esp? I thought esp would be always authenticated and
encrypted, does this now mean that when I use e.g.
esp = aes256-sha1 (so no AE cipher like gcm or ccm) that there's no

Thx in advance :)


More information about the Users mailing list