Hello, In the ConnSection documentation:
"esp = <cipher suites> comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g. aes128-sha256. The notation is encryption-integrity[-dhgroup][-esnmode]." What about the authenticated encryption algorithms (e.g. gcm)? Is the integrity algorithm mandatory for parsing but not used? I can't find any relevant information in the IKEv2CipherSuites documentation. BTW, I have another question. In IKEv2, is there a functional difference between multiple proposals (esp=enc1-auth1-..., enc1-auth2-..., enc2-auth1-..., enc2-auth2-...) and multiple algorithms (esp=enc1-enc2-auth1-auth2-...)? Best Regards, Emeric _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
