Given IKEv2 config lines like:

    ike=aes-...
    esp=aes-...

i.e., when no key length was explicitly specified, then pluto will propose:

    ike: aes_256 then aes_128
    esp: aes_128 then aes_256

i.e., ike and esp have key-lengths in the opposite order.

The behaviour is long-standing - tests require this - but I'm left
wondering how much of this still makes sense.

Details:
For the case when there is no explicit key length, and it isn't 3DES,
IKEv2 will propose one (same) or both (different) of:
- keydeflen
- keymaxlen (aka max(encrypt->key_bit_lengths[]))
with the order being determined by IKE vs ESP.
Andrew
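
The ordering rule described in the message, as an added example that is not part of the original message and is not libreswan's code. The struct, function names and sample descriptors are hypothetical; only keydeflen, keymaxlen and key_bit_lengths[] come from the message, and the AES default of 128 bits is inferred from the proposals it lists.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical descriptor; only keydeflen and key_bit_lengths[] are
 * names taken from the message. */
struct encrypt_desc {
	const char *name;
	unsigned keydeflen;          /* default key length, bits */
	unsigned key_bit_lengths[4]; /* supported lengths, 0-terminated */
};

enum proto { PROTO_IKE, PROTO_ESP };

/* keymaxlen as the message defines it: max(key_bit_lengths[]) */
static unsigned keymaxlen(const struct encrypt_desc *e)
{
	unsigned max = 0;
	for (size_t i = 0; i < 4 && e->key_bit_lengths[i] != 0; i++)
		if (e->key_bit_lengths[i] > max)
			max = e->key_bit_lengths[i];
	return max;
}

/* Key lengths proposed when the config gave none; returns 1 or 2. */
static size_t default_keylens(const struct encrypt_desc *e, enum proto p,
			      unsigned out[2])
{
	unsigned def = e->keydeflen, max = keymaxlen(e);
	if (def == max) {            /* "one (same)" */
		out[0] = def;
		return 1;
	}
	/* "both (different)": IKE leads with max, ESP with the default */
	out[0] = (p == PROTO_IKE) ? max : def;
	out[1] = (p == PROTO_IKE) ? def : max;
	return 2;
}

/* Constructed samples: AES, and a made-up single-length cipher. */
static const struct encrypt_desc aes = { "aes", 128, { 128, 192, 256, 0 } };
static const struct encrypt_desc fixed = { "fixed256", 256, { 256, 0 } };

int main(void)
{
	unsigned k[2];
	size_t n = default_keylens(&aes, PROTO_IKE, k);
	printf("ike: %s_%u%s\n", aes.name, k[0], n == 2 ? " then smaller" : "");
	n = default_keylens(&fixed, PROTO_ESP, k);
	printf("esp: %s_%u (%zu proposal)\n", fixed.name, k[0], n);
	return 0;
}
```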