Hmmm, in fact, very strange collection of cipher suites the strongSwan Android client is proposing:
received proposals: ESP: AES_CBC_128/AES_CBC_192/AES_CBC_256/ 3DES_CBC/BLOWFISH_CBC_256/ HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/ NO_EXT_SEQ I'm not aware that libipsec would support blowfish_cbc, 3des_cbc, aes_xcbc, and hmac_md5_96 and sha256_128,sha384_192 and sha512_256 are prominently missing. Tobias could you check that? Regards Andreas On 27.09.2012 05:19, Mark M wrote: > Hi, > > I have been trying to get my Android client to work with aes256 with > esp=aes256-sha256-aes256 but it would always default to aes128, the > default. After looking at the logs for awhile I noticed that the client > sends very few proposals and the only one I could get to work is > esp=aes256-sha1-modp1024! > > so for my connection I use > > ike=aes256-sha256-modp1024! > esp=aes256-sha1-modp1024! > > Is this the best I can for the Android client? Is there a list of > supported cipher suites for the Android client?. I am also using this > connection for a server 2008/Windows 7 client and noticed that they send > different cipher suites as well and had to settle on the ones I posted > above for both the Windows client and Android to work at the same time. > > Mark- > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
