[Openswan dev] openswan allows mismatched proposals?
paul at xelerance.com
Wed Mar 3 10:40:44 EST 2010
On Tue, 2 Mar 2010, mix.kao wrote:
> and i did another test.
> 1. Configure the same phase1 configuration between two gateways.
> 2. Configure different phase2 in esp parameter ex: gateway1 esp=aes128-md5,
> gateway2 esp=aes256-sha1
> 3. Initiator from gateway 1
> 4. Initiator from gateway 2
> The result is negotiated phase2 configuration will fallow the Initiator's
> proposal if the config is not the same.
I filed this as a bug report https://bugs.openswan.org/issues/1090
I am really surprised you say the hash can be mismatched.... I could understand
the aes128 vs aes256, but the hash mismatch is very surprising.
More information about the Dev