<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Ken,<br>
<br>
I'm going to break down and go openswan today and get things up and
running. Is it possible then for me to define DES in the config file?
So that openswan only sends out the DES, AES, or 3DES proposal? I
thought I remembered reading something about that back with
superfreeswan. <br>
<br>
Something like:<br>
<br>
encrypt: DES<br>
<br>
/David<br>
<br>
Ken Bantoft wrote:<br>
<blockquote
cite="midPine.LNX.4.44.0402111558310.12917-100000@brock.xelerance.com"
type="cite">
<pre wrap="">On Wed, 11 Feb 2004, David Prestwich wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello all,
I am using an outdated freeswan 1.95 that works great but doesn't have
all the functionality that the newer versions have. (I plan on
upgrading just need the time and resources). I've run into a little
snag with a Cisco IOS version 12.2 this past week and I know that it is
a fault in the way it runs their proposal. In essence, freeswan sends
out all the proposals as it should yet IOS fails on the first proposal
of 3DES because the domain admin on the other side has set the
configuration to DES. I asked if he would switch this to 3DES but he
states he can't until he does an upgrade on their side to allow 3DES.
During the connection the SA is established but no proposal is chosen
because their side does not want to get set to 3DES. I can use DES on
my 1.95 version and am using it currently with several sites. My
question is: (and I'm pretty sure I know the answer) can I set 1.95 to
tell it which level of encryption to use? I know in the newer version
you can define say DES or 3DES but can you do this with the older ones?
I don't think that you can. Any feedback would be great. Thanks.
</pre>
</blockquote>
<pre wrap=""><!---->
Single DES is not supported in any version of FreeS/WAN, and won't be.
Openswan 1.0.0 has some support for it - it's disabled by default so you
need to turn it on at compile time.
You were right to ask them to upgrade - 1DES is considered insecure by
today's standards.
--
Ken Bantoft                        VP Business Development
<a class="moz-txt-link-abbreviated" href="mailto:ken@xelerance.com">ken@xelerance.com</a>                Xelerance Corporation
sip://toronto.xelerance.com        <a class="moz-txt-link-freetext" href="http://www.xelerance.com">http://www.xelerance.com</a>
The future is here. It's just not evenly distributed yet.
-- William Gibson
</pre>
</blockquote>
<br>
</body>
</html>