On Wed, 13 Feb 2019 at 10:16, Paul Wouters <[email protected]> wrote: > > On Wed, 13 Feb 2019, D. Hugh Redelmeier wrote: > > > I ran the tests last evening. The new failures look simple to fix. > > > > I include a diff of the summary from the previous run > > (summary produced by "testing/utils/kvmresults.py testing/pluto/"). > > I'm going to ignore the changes due to andrew's algorithm changes from > the last few days, assuming those will be updated.
It would be from more algorithms being added to defaults. But there's another change I think needs to follow. Namely changing the way IKE proposals are formatted. Namely remove the smart that suppresses <integ>, so that what was: <encrypt>-<prf>-<dh> AES_CBC-HMAC_SHA1-DH31 AES_GCM_16-HMAC_SHA1-DH31 becomes the longer: <encrypts>-<prfs>-<integs>-<dhs> AES_CBC-HMAC_SHA1-HMAC_SHA1_96-DH31 AES_GCM_16-HMAC_SHA1-NONE-DH31 thoughts? > > Ah few cases got their default key size to go from 128 to 256? Probably > as a result of the proposal parser changes? I'm fine with that. Let uses > go back to 128 key manually if they really want to do that. I'll look at this. It wasn't expected. IKE proposals should prefer 256 while ESP proposals should prefer 128. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
