On Thu, 21 Jan 2016, Andrew Cagney wrote:
That, fortunately, is beyond the scope of what I'm changing.
:)
Yes. For instance, given:
- initiator proposes KE=1500 MODP=1500 2000
- responder has MODP=4000,2000

then if the responder sends back INVALID_KE(4000) (its default), instead of INVALID_KE(2000) (from matching proposal), then the initiator is going to drop that response on the floor and an interop that should work won't.
We should never send back a KE value along with INVALID_KE that the originator did not propose - unless maybe only when there is no overlap between initiator and responder groups, so that at least the initiator knows what to add to their proposal next time.

Paul
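The selection rule discussed in this message, as an added example that is not part of the original e-mail and not libreswan's code. The names `suggest_ke_group` and `struct ke_suggestion` are hypothetical, the group numbers are the message's shorthand values, and walking the responder's list in its own preference order is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Group to name in an INVALID_KE notify, and whether the initiator proposed it. */
struct ke_suggestion {
	unsigned group;  /* 0 when the responder has no groups configured */
	int overlap;     /* 1: taken from the initiator's proposal, 0: fallback */
};

/* Return 1 if group g appears in list[0..n). */
static int in_list(unsigned g, const unsigned *list, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (list[i] == g)
			return 1;
	return 0;
}

/*
 * Walk the responder's groups in its own preference order (assumption)
 * and pick the first one the initiator also proposed. Only when there is
 * no overlap fall back to the responder's default (its first group).
 */
struct ke_suggestion suggest_ke_group(const unsigned *init, size_t n_init,
				      const unsigned *resp, size_t n_resp)
{
	struct ke_suggestion s = { n_resp ? resp[0] : 0, 0 };

	for (size_t i = 0; i < n_resp; i++) {
		if (in_list(resp[i], init, n_init)) {
			s.group = resp[i];
			s.overlap = 1;
			break;
		}
	}
	return s;
}

int main(void)
{
	/* Constructed from the message's shorthand group numbers. */
	const unsigned init[] = { 1500, 2000 };
	const unsigned resp[] = { 4000, 2000 };
	struct ke_suggestion s = suggest_ke_group(init, 2, resp, 2);

	printf("INVALID_KE(%u) overlap=%d\n", s.group, s.overlap);
	return 0;
}
```

The `overlap` flag lets the caller tell a suggestion the initiator can retry with from the no-overlap fallback, which only tells the initiator what to add to its proposal next time.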
