[Openswan dev] Pluto esp transform selection behaviour

Frank Schmirler osdev at schmirler.de
Wed Apr 25 06:37:38 EDT 2007


Hi,

is there a reason why pluto checks only the first esp transform it receives
when configured in strict mode (i.e. esp= given in config)? This leads to
inconsistent behaviour:

Let's assume A is forced to 3des only. If initiator B proposes aes as first
transform and 3des as second one, the connection will fail. If B proposes 3des
first and then aes, everything's fine.

Things work as expected by calling kernel_alg_esp_ok_final() a few lines
further up while looping through all transforms. Patch attached.

BTW: strict ike transforms are processed as expected.

Cheers,
Frank
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 1148 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20070425/f8111a5e/attachment.obj 
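
The order dependence described in the message above can be reproduced with a small model. This is an added example, not Openswan code and not the attached patch: `policy_allows`, `select_first_only`, `select_any` and the transform constants are hypothetical names, and the proposals are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Transform identifiers for this model only (constructed values). */
enum { ESP_3DES = 3, ESP_AES = 12 };
#define NO_MATCH (-1)

/* Hypothetical stand-in for the strict-mode check: is `id` in the
 * locally configured esp= list? */
static int policy_allows(const int *policy, size_t npolicy, int id)
{
    for (size_t i = 0; i < npolicy; i++)
        if (policy[i] == id)
            return 1;
    return 0;
}

/* Behaviour reported in the post: only the first proposed transform
 * is tested against the strict policy. */
int select_first_only(const int *policy, size_t npolicy,
                      const int *proposal, size_t nprop)
{
    if (nprop == 0 || !policy_allows(policy, npolicy, proposal[0]))
        return NO_MATCH;
    return proposal[0];
}

/* Check moved into the loop: every proposed transform is tested,
 * in the initiator's order of preference. */
int select_any(const int *policy, size_t npolicy,
               const int *proposal, size_t nprop)
{
    for (size_t i = 0; i < nprop; i++)
        if (policy_allows(policy, npolicy, proposal[i]))
            return proposal[i];
    return NO_MATCH;
}

int main(void)
{
    const int a_policy[] = { ESP_3DES };              /* A: esp=3des */
    const int b_aes_first[] = { ESP_AES, ESP_3DES };  /* constructed */
    const int b_3des_first[] = { ESP_3DES, ESP_AES }; /* constructed */

    printf("first-only, aes first:  %d\n", select_first_only(a_policy, 1, b_aes_first, 2));
    printf("first-only, 3des first: %d\n", select_first_only(a_policy, 1, b_3des_first, 2));
    printf("loop, aes first:        %d\n", select_any(a_policy, 1, b_aes_first, 2));
    printf("loop, 3des first:       %d\n", select_any(a_policy, 1, b_3des_first, 2));
    return 0;
}
```

In both variants the strict policy is still enforced: a transform outside A's configured list is never selected, so checking every transform removes the order dependence without widening what A accepts.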

