On Wed, 20 May 2015, Wolfgang Nothdurft wrote: [ going through old email ]
Subject: [Swan-dev] esp/ah proposal sets not working properly I opened a ticket and added a patch: https://bugs.libreswan.org/show_bug.cgi?id=228
I see. I checked the regular case of different order algos, and that works. I did not test with a version with less ESP support (eg KLIPS without sha256). You are probably right and we should fix this.
Are there any plans to use stronger proposals in the default set? Because than there will be another problem with old versions (see ticket)
Yes, but only for IKEv2. I'd say let's pick this up when we do the work on esp=chacha20-poly1305 and we see kernels that do and do not support that algorithm. Especially, because some people will have a strong preference for this non-NIST cipher and probably add it first to the proposal list. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
