On Thu, 14 Oct 2021, Lennart Sorensen wrote:
"crypto map set security-association lifetime kilobytes 4608000" - I do not see
this parameter in the configuration. the changelog doesn't mention this
Note also that 4.6MB is a very small amount of traffic if this lifetime
is associated with ESP. For IKE it might be okay, but a little strange
to specify.
4608000 kilobytes is 4.6GB so not terribly small.
Oh yes. While libreswan's default is bytes, the cisco option uses
kilobytes. Thanks for spotting that. 4.6GB does appear to match
the FIPS requirements for maximum traffic by a single key for 3DES :)
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
