[strongSwan] aes256-gcm16

Martin Willi martin at strongswan.org
Fri Dec 6 15:52:12 CET 2013


>   esp=aes256gcm16-sha1!

This hardly makes sense. You can specify an integrity algorithm if you
have both AEAD and traditional ciphers. The peer then may select either
the AEAD or the traditional encryption+integrity algorithms.

> Does it removes the -sha1 part

Any integrity algorithm specified for an AEAD-only proposal gets
silently removed.


More information about the Users mailing list