[strongSwan] charon says "DH group MODP_1024 inacceptable, requesting MODP_1536"

Rayson Zhu vfreex at gmail.com
Wed Oct 28 10:18:28 CET 2015


yes, but only if you don't use high encryption.
so sad.

On Wed, Oct 28, 2015 at 4:56 PM, Roger Skjetlein <rskjetlein at netrunner.nu>
wrote:

> I found out that this combination works with of the devices out there:
>         ike = 3des-sha1-modp1024
> esp = aes256-sha1,aes192-sha1,aes128-sha1
>
> windows 7 to 10, os x 10.11, ios 8 and 9, android...
>
> On Wed, Oct 28, 2015 at 2:50 AM, Rayson Zhu <vfreex at gmail.com> wrote:
>
>> I met this issue too. I have to change my cipher suite to
>> aes128-sha-1-modp1024 to connect IOS devices.
>>
>>
>> On Tuesday, October 27, 2015, Tobias Brunner <tobias at strongswan.org>
>> wrote:
>>
>>> Hi Harald,
>>>
>>> > If I got you correctly I would have to move back to DH2, just to make
>>> > the iphone users happy.
>>>
>>> Correct, or you use a configuration profile with DiffieHellmanGroup set
>>> to one of the other groups Apple claims to support (I don't know which
>>> of them actually work, though): 2 (Default), 5, 14, 15, 16, 17, or 18.
>>>
>>> > Do you know of any commitments from Apple to fix this?
>>>
>>> No idea.  I wasn't the one adding that information to the wiki.  But you
>>> could report the bug to Apple to get a rough idea when it is fixed.  In
>>> this case they will close your bug report and mark it as duplicate and
>>> you won't get any direct status updates etc. but you can see whether the
>>> original ticket is still open or not.
>>>
>>> Regards,
>>> Tobias
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.strongswan.org
>>> https://lists.strongswan.org/mailman/listinfo/users
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>>
>
>
>
> --
> "Over vidden flyger renen;
> efter den i vind og væde! -
> Bedre det, end bryde stenen
> op af fattig jord dernede!"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151028/a6c1b93f/attachment.html>


More information about the Users mailing list