Hi, > In ipsec.conf,we could actually specify the ike=encryption-integrity-DH group; > so how could i change the prf algorithm being used?
This is currently not possible via ipsec.conf, the specified integrity algorithm is also used as PRF. We could extend that syntax somehow, but I don't think it makes a lot of sense for the end user. > the first one would be: PRF(HMAC_SHA1 and AES128_CBC) and Integrity > (HMAC_SHA1_96) > the secound one would be: PRF(HMAC_SHA1) and Integrity(HMAC_SHA1_96 and > AES_XCBC_96) We discussed this some weeks ago, Jiri posted a patch [1] that worked for his testing efforts. Regards Martin [1]https://lists.strongswan.org/pipermail/users/2010-August/005180.html _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
