We could change it so no key length means 128, the only mandatory to implement 
key size... 

I noticed that openswan did add 128 for esp but not for ike. Can you tell me 
which of the two or both are affected with this? 

Sent from my iPhone

> On Sep 19, 2014, at 4:12, Wolfgang Nothdurft <[email protected]> wrote:
> 
> Is the behaviour after commit 68c25611eed93edd459e38deadf01916ab983115 
> (https://lists.libreswan.org/pipermail/swan-commit/2014-May/001275.html) 
> intended?
> 
> This breaks connectivity with old implementations like openswan 2.4, which 
> doesn't have configured a specific phase2alg.
> 
> We also have a customer with old vigor routers that shows this problem and it 
> seems that you can do nothing on the vigor site to change this behavior.
> 
> Both sends AES_000-HMAC_SHA1 and can't connect because of the required 
> keylength attribute
> 
> Log:
> IPsec encryption transform did not specify required KEY_LENGTH attribute
> sending encrypted notification BAD_PROPOSAL_SYNTAX to 10.0.12.2:500
> 
> Wolfgang
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to