[strongSwan] many cipher/hash modes seems to be unavailable

Christoph Anton Mitterer calestyo at scientia.net
Sun Oct 3 20:23:32 CEST 2010

On Sun, 2010-10-03 at 13:54 +0200, Andreas Steffen wrote:
Actually esp does not need an additional hash algorithm if AEAD
> is used. Thus
>   esp = aes256gcm128-sha512-modp2048!
> is actually wrong. The correct syntax is
>   esp = aes256gcm128-modp2048!
> if you want perfect forward secrecy or just
>   esp = aes256gcm128!
> without PFS during IPsec SA rekeying. With non-AEAD authentication
> a data integrity algorithm *must* be defined, e.g.
>   eps=aes256-sha512!

Ah thanks for that information,.. and I guess with the ike parameter
it's the same.

Could you please update the manpages/wiki pages to reflect this for
other end-users like me?! ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101003/a069eeb3/attachment.bin>

More information about the Users mailing list