Hi, > esp=aes256gcm16-sha1!
This hardly makes sense. You can specify an integrity algorithm if you have both AEAD and traditional ciphers. The peer then may select either the AEAD or the traditional encryption+integrity algorithms. > Does it removes the -sha1 part Any integrity algorithm specified for an AEAD-only proposal gets silently removed. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
