We could change it so no key length means 128, the only mandatory to implement key size...
I noticed that openswan did add 128 for esp but not for ike. Can you tell me which of the two or both are affected with this? Sent from my iPhone > On Sep 19, 2014, at 4:12, Wolfgang Nothdurft <[email protected]> wrote: > > Is the behaviour after commit 68c25611eed93edd459e38deadf01916ab983115 > (https://lists.libreswan.org/pipermail/swan-commit/2014-May/001275.html) > intended? > > This breaks connectivity with old implementations like openswan 2.4, which > doesn't have configured a specific phase2alg. > > We also have a customer with old vigor routers that shows this problem and it > seems that you can do nothing on the vigor site to change this behavior. > > Both sends AES_000-HMAC_SHA1 and can't connect because of the required > keylength attribute > > Log: > IPsec encryption transform did not specify required KEY_LENGTH attribute > sending encrypted notification BAD_PROPOSAL_SYNTAX to 10.0.12.2:500 > > Wolfgang > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
