[strongSwan] Azure child rekeying loop
Noel Kuntze
noel at familie-kuntze.de
Mon Feb 20 11:29:56 CET 2017
That doesn't really make sense, because modp2048 seems to work when rekeying a CHILD_SA,
so the remote peer has to be able to use that group also when establishing an IKE_SA.
Do you mean, the ones that implemented it just configured crap?
On 20.02.2017 11:28, Andrei-Florian Staicu wrote:
> I really can't, I'm just a tenant there and the ones that implemented it are idiots.
>
>
> On Mon, Feb 20, 2017, 12:19 Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
>
> On 20.02.2017 11:18, Andrei-Florian Staicu wrote:
> > ike=aes256-sha1-modp1024!
>
> That DH group is broken in regards to security. Please use a stronger one.
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
> --
> Beware of programmers who carry screwdrivers.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170220/6267437a/attachment.sig>
More information about the Users
mailing list