On 21 January 2016 at 17:24, Paul Wouters <[email protected]> wrote: > On Thu, 21 Jan 2016, Andrew Cagney wrote: > >> That, fortunately, is beyond the scope of what I'm changing. > > > :) > >> Yes. For instance, given: >> >> - initiator proposes KE=1500 MODP=1500 2000 >> - responder has MODP=4000,2000 >> >> then if tje responder sends back INVALID_KE(4000) (its default), >> instead of INVALID_KE(2000) (from matching proposal), then the >> initiator is going to drop that response on the floor and an interop >> that should work won't. > > > We should never send back a KE value along with INVALID_KE that the > originator did not propose - unless maybe only when there is no > overlap between initiator and responder groups, so that at least > the initiator knows what to add to their proposal next time.
Right; pluto did. That's finally fixed. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
