On 22 August 2017 at 11:29, Paul Wouters <[email protected]> wrote:
> Merging them into one seems the best. If there is no different structs
> behind them
>
>
Done, and much dead code removed ...
> IKE algorithms wanted: AES_CBC-HMAC_SHA1-MODP2048
> IKE algorithms found: AES_CBC_128-HMAC_SHA1-MODP2048
here, after some flip flopping I went with the former vis:
AES_CBC-HMAC_SHA1-MODP2048
so it matches what the user entered; and doesn't, I think misleadingly,
show just the default key length when it is the MAX key length that will
likely be accepted.
> - for esp/ah the only difference is the addition of PFS in the first
> line (if at all):
>
> ESP algorithms wanted: AES(12)_128-SHA2_512(7); pfsgroup=MODP2048(14)
> ESP algorithms loaded: AES(12)_128-SHA2_512(7)
>
> I suspect, on both cases, the two lines can be merged into one?
and here, so that the output can be fed back into the parser, it was
changed to:
AES_CBC_128-HMAC_SHA2_512_256-MODP2048
In the case of IKEv2, the other thing that might be interesting is a dump
of the raw proposal; but that is already is sent to pluto log. Later.
Andrew
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
