[strongSwan] How to specify the prf algorithm in ikev2
Martin Willi
martin at strongswan.org
Tue Oct 19 11:35:36 CEST 2010
Hi,
> In ipsec.conf, we could actually specify the ike=encryption-integrity-DH group;
> so how could I change the prf algorithm being used?
This is currently not possible via ipsec.conf; the specified integrity
algorithm is also used as PRF. We could extend that syntax somehow, but
I don't think it makes a lot of sense for the end user.
> the first one would be: PRF(HMAC_SHA1 and AES128_CBC) and Integrity (HMAC_SHA1_96)
> the second one would be: PRF(HMAC_SHA1) and Integrity(HMAC_SHA1_96 and AES_XCBC_96)
We discussed this some weeks ago, Jiri posted a patch [1] that worked
for his testing efforts.
Regards
Martin
[1] https://lists.strongswan.org/pipermail/users/2010-August/005180.html