On Wed, 23 Sep 2020 13:37:08 -0400 Andrew Cagney <[email protected]> wrote:
> The two choices I point forward were: > <encr>-<prf>-<dh> AES_CBC-HMAC_SHA2_256-DH31 > <encr>-<integ>-<prf>-<dh> > AES_CBC-HMAC_SHA2_256_128-HMAC_SHA2_256-DH31 I guess technically > there's also: <encr>-<integ>-<dh> AES_CBC-HMAC_SHA2_256_128-DH31 > If we don't want to support prf!=integ then, I suspect, not showing > the quad, even when the PRF/INTEG direct map, is safer. > So add -none- and then let the dust settle. I'm ok with that - but it must be documented somewhere that when prf and integrity are same algo is printed only once. And if integrity checking is in algo integrity algoritm is printed as none. But where to document there? -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
