Thanks Tobias! I have two more questions on compliance: 1. Does StrongSwan support RFC 2405 - The ESP DES-CBC Cipher Algorithm With Explicit IV 2. Do you know if NETKEY support RFC 4301, Section 5.1.1 - Handling an Outbound Packet That Must Be Discarded: If an IPsec system receives an outbound packet that it finds it must discard, it SHOULD be capable of generating and sending an ICMP message to indicate to the sender of the outbound packet that the packet was discarded.
Regds On Sat, Nov 24, 2012 at 10:30 AM, ip flow <[email protected]> wrote: > Hi, > > Does the implementations of supported cipher suites, listed at > http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites > are complaint to RFCs listed below? > > 1. IETF RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec > > 2. IETF RFC 3686: Using Advanced Encryption Standard (AES) Counter > Mode With IPsec Encapsulating Security Payload (ESP) > > 3. IETF RFC 2104: HMAC: Keyed-Hashing for Message Authentication > > 4. IETF RFC 2403: The Use of HMAC-MD5-96 within ESP and AH > > 5. IETF RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH > > 6. IETF RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH > > 7. IETF RFC 3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec > > 8. IETF RFC 3664: The AES-XCBC-PRF-128 Algorithm for the Internet Key > Exchange Protocol (IKE) > > Thanks _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
