On Wed, 13 Feb 2019, Andrew Cagney wrote:
> It would be from more algorithms being added to defaults. But there's
> another change I think needs to follow. Namely changing the way IKE
> proposals are formatted. Namely remove the smart that suppresses
> <integ>, so that what was:
>
>     <encrypt>-<prf>-<dh>
>     AES_CBC-HMAC_SHA1-DH31
>     AES_GCM_16-HMAC_SHA1-DH31

That is really encrypt-integ-dh right?
We don't specify/print the prf until now because we assume integ == prf
except for AEAD.

> becomes the longer:
>
>     <encrypts>-<prfs>-<integs>-<dhs>
>     AES_CBC-HMAC_SHA1-HMAC_SHA1_96-DH31
>     AES_GCM_16-HMAC_SHA1-NONE-DH31
>
> thoughts?

I'd prefer encr-integ-prf-dh maybe? I don't know.

> I'll look at this. It wasn't expected. IKE proposals should prefer
> 256 while ESP proposals should prefer 128.

Ok,

Paul