[strongSwan] [StrongSwan] RFC compliance of supported cipher suits

Andreas Steffen andreas.steffen at strongswan.org
Sun Nov 25 20:15:47 CET 2012

On 11/25/2012 05:27 PM, ip flow wrote:
> Thanks Tobias!
> I have two more questions on compliance:
> 1. Does StrongSwan support RFC 2405 -  The ESP DES-CBC Cipher
> Algorithm With Explicit IV
Yes, implemented for ESP by the Linux kernel, configurable by strongSwan

> 2. Do you know if NETKEY support RFC 4301, Section 5.1.1 - Handling an
> Outbound Packet That Must Be Discarded: If an IPsec system receives an
> outbound packet that it finds it must discard, it SHOULD be capable of
> generating and sending an ICMP message to indicate to the sender of
> the outbound packet that the packet was discarded.
I'm not aware that NETKEY is sending an ICMP message to the sender
if it DISCARDS a packet.

> Regds


Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list