On Thu, 9 Apr 2015, Wolfgang Nothdurft wrote:
you can fix this setting phase2alg on the initiator (end1).
@Paul: it seems this was forgotten
https://lists.libreswan.org/pipermail/swan/2014/000899.html
It was not forgotten, but what should we do in that case? It violates
the RFC. Should we assume 128 or 256? Only 128 is mandatory to
implement. I'm still torn. It would be nice to interop with the
old versions, but we have no good idea to know which key size they
mean when specifying none.
I've added a FAQ on it:
https://libreswan.org/wiki/FAQ#.22IPsec_encryption_transform_did_not_specify_required_KEY_LENGTH.22
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
