[strongSwan] [StrongSwan] RFC compliance of supported cipher suits

ip flow ipflow123 at gmail.com
Mon Nov 26 06:51:26 CET 2012


Thanks Andreas!

Regds

On Mon, Nov 26, 2012 at 12:45 AM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> On 11/25/2012 05:27 PM, ip flow wrote:
>>
>> Thanks Tobias!
>> I have two more questions on compliance:
>>
>> 1. Does StrongSwan support RFC 2405 -  The ESP DES-CBC Cipher
>> Algorithm With Explicit IV
>
> Yes, implemented for ESP by the Linux kernel, configurable by strongSwan
>
>> 2. Do you know if NETKEY support RFC 4301, Section 5.1.1 - Handling an
>> Outbound Packet That Must Be Discarded: If an IPsec system receives an
>> outbound packet that it finds it must discard, it SHOULD be capable of
>> generating and sending an ICMP message to indicate to the sender of
>> the outbound packet that the packet was discarded.
>>
> I'm not aware that NETKEY is sending an ICMP message to the sender
> if it DISCARDS a packet.
>
>> Regds
>>
> Regards
>
> Andreas
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==




More information about the Users mailing list