[strongSwan] Android client supported Cipher Suites? trouble getting aes256 to work

Andreas Steffen andreas.steffen at strongswan.org
Thu Sep 27 09:16:33 CEST 2012


in fact, very strange collection of cipher suites the
strongSwan Android client is proposing:

received proposals: ESP:

I'm not aware that libipsec would support blowfish_cbc, 3des_cbc,
aes_xcbc, and hmac_md5_96 and sha256_128,sha384_192 and sha512_256
are prominently missing. Tobias could you check that?



On 27.09.2012 05:19, Mark M wrote:
> Hi,
> I have been trying to get my Android client to work with aes256 with
> esp=aes256-sha256-aes256 but it would always default to aes128, the
> default. After looking at the logs for awhile I noticed  that the client
> sends very few proposals and the only one I could get to work is
> esp=aes256-sha1-modp1024!
> so for my connection I use
> ike=aes256-sha256-modp1024!
> esp=aes256-sha1-modp1024!
> Is this the best I can for the Android client?  Is there a list of
> supported cipher suites for the Android client?. I am also using this
> connection for a server 2008/Windows 7 client and noticed that they send
> different cipher suites as well and had to settle on the ones I posted
> above for both the Windows client and Android to work at the same time.
> Mark-
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4502 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120927/20283bed/attachment.bin>

More information about the Users mailing list