That doesn't really make sense, because modp2048 seems to work when rekeying a CHILD_SA, so the remote peer has to be able to use that group also when establishing an IKE_SA. Do you mean, the ones that implemented it just configured crap?
On 20.02.2017 11:28, Andrei-Florian Staicu wrote: > I really can't, I'm just a tenant there and the ones that implemented it are > idiots. > > > On Mon, Feb 20, 2017, 12:19 Noel Kuntze <[email protected] > <mailto:[email protected]>> wrote: > > On 20.02.2017 11:18, Andrei-Florian Staicu wrote: > > ike=aes256-sha1-modp1024! > > That DH group is broken in regards to security. Please use a stronger one. > > -- > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > > -- > Beware of programmers who carry screwdrivers. -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
