Hi, > but if they choose the proposals aes128-sha384-modp2048 or > aes128-sha512-modp2048,wreshark check the ike messages (captured from > the two strongswan servers) integrity checksum data fail;
This is due to a bug in Wireshark. They use SHA-256 to compute the SHA-384 and SHA-512 ICVs for IKEv2. I submitted a patch [1] that fixes this. Regards, Tobias [1] https://code.wireshark.org/review/#/c/335/ _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
