[strongSwan] charon says "DH group MODP_1024 inacceptable, requesting MODP_1536"

Rayson Zhu vfreex at gmail.com
Wed Oct 28 02:50:02 CET 2015


I met this issue too. I have to change my cipher suite to
aes128-sha-1-modp1024 to connect IOS devices.

On Tuesday, October 27, 2015, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Harald,
>
> > If I got you correctly I would have to move back to DH2, just to make
> > the iphone users happy.
>
> Correct, or you use a configuration profile with DiffieHellmanGroup set
> to one of the other groups Apple claims to support (I don't know which
> of them actually work, though): 2 (Default), 5, 14, 15, 16, 17, or 18.
>
> > Do you know of any commitments from Apple to fix this?
>
> No idea.  I wasn't the one adding that information to the wiki.  But you
> could report the bug to Apple to get a rough idea when it is fixed.  In
> this case they will close your bug report and mark it as duplicate and
> you won't get any direct status updates etc. but you can see whether the
> original ticket is still open or not.
>
> Regards,
> Tobias
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org <javascript:;>
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151028/2ef46970/attachment.html>


More information about the Users mailing list