On Tue, 24 Feb 2015, Andrew Cagney wrote:
Never post before lunch, or coffee, here are better O() guesses:
[ more statistics ] Can we go through the received list of transforms and delete those we know we do not support/allow as a preprocessing item? Before we try to combine these bits? In our default proposal, we would have (ignoring for now combos that are not allowed) ENC: aes_cbc, aes_gcm, 3des INTEG: sha2_256_, sha2_512, sha1, md5, null PRF: sha2_256_, sha2_512, sha1, md5 DH: 1024, 1536, 2048 If strongswan now comes with 16 PRF's, we can just delete 12 of them. If they come with 10+ DH groups, we can just delete all but 3. Once done, we do the combinatory explosion. Then we take good care not to allow illegal combinations like aes_cbc-null or aes_gcm-md5. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
