[strongSwan] How to specify AES128-XCBC as the PRF in strongswan-5.0.1?

[gowrishankar]

On Thursday 18 October 2012 03:12 PM, Martin Willi wrote:
>> I have also expressed the concern to do similar provisioning for
>> esp= param as well. Can the check be extended for PROTO_ESP too ?
> There is no PRF involved in ESP SAs, nor is a dedicated PRF used in
> CHILD_SA establishment. Hence I see no reason what we could configure
> there.

Correct. I could infer it now as in RFC 4306 Sec 3.3 (and 2.10) that, 
prf algorithm is chosen
only in IKE exchange (not in CHILD SA).

Thanks,
Gowri Shankar


> Regards
> Martin
>
>
>