[strongSwan] Why "IV" is sent in null encrypted ESP packet

Shashidhar Patil shashi_patil77 at yahoo.com
Sun Jun 23 10:37:40 CEST 2013


When I cpature the null encrypted ESP packet (HMAC-sha1 is used for authentication), I observed
"Initialization vector" of 8 bytes size in the ESP header.
I was under the impression that IV is not needed for null encrypted packets.
And the HMAC and sha-1 hashing algorithms won't need any IV.
correct me if I'm wrong.
Could you please explain the reason for this ?

configuration used in ipsec.conf for this was "esp=null-sha1".

Best Regards,
Shashidhar Patil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130623/257a2d9c/attachment.html>

More information about the Users mailing list