[strongSwan] many cipher/hash modes seems to be unavailable
Christoph Anton Mitterer
calestyo at scientia.net
Sun Oct 3 20:23:32 CEST 2010
On Sun, 2010-10-03 at 13:54 +0200, Andreas Steffen wrote:
Actually esp does not need an additional hash algorithm if AEAD
> is used. Thus
> esp = aes256gcm128-sha512-modp2048!
> is actually wrong. The correct syntax is
> esp = aes256gcm128-modp2048!
> if you want perfect forward secrecy or just
> esp = aes256gcm128!
> without PFS during IPsec SA rekeying. With non-AEAD authentication
> a data integrity algorithm *must* be defined, e.g.
Ah thanks for that information,.. and I guess with the ike parameter
it's the same.
Could you please update the manpages/wiki pages to reflect this for
other end-users like me?! ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5677 bytes
Desc: not available
More information about the Users