[strongSwan] IKEV2 Support for 96-bit HMAC-SHA-256
Tobias Brunner
tobias at strongswan.org
Wed Oct 27 16:10:17 CEST 2021
Hi Obi,
> The environment is Stronswan version 5.5.3, Linux kernel 4.1.52.
Were there any patches applied? Are you sure you're using the
kernel-netlink and not the kernel-pfkey plugin? Because since 4.3.6
there is a static mapping in the kernel-netlink plugin from
AUTH_HMAC_SHA2_256_96 to "sha256" (instead of "hmac(sha256)"). So with
any version newer than that, there should never be this message:
> algorithm HMAC_SHA2_256_96 not supported by kernel!
Unless the integrity_algs array was deliberately modified or you are not
using the kernel-netlink plugin.
Regards,
Tobias
More information about the Users
mailing list