[Openswan dev] openswan allows mismatched proposals?

Paul Wouters paul at xelerance.com
Wed Mar 3 10:40:44 EST 2010

On Tue, 2 Mar 2010, mix.kao wrote:

> and i did another test.
> 1. Configure the same phase1 configuration between two gateways.
> 2. Configure different phase2 in esp parameter ex: gateway1 esp=aes128-md5, 
> gateway2 esp=aes256-sha1
> 3. Initiator from gateway 1
> 4. Initiator from gateway 2
> The result is negotiated phase2 configuration will fallow the Initiator's 
> proposal if the config is not the same.

I filed this as a bug report https://bugs.openswan.org/issues/1090

I am really surprised you say the hash can be mismatched.... I could understand
the aes128 vs aes256, but the hash mismatch is very surprising.


More information about the Dev mailing list