[Openswan Users] IKE and SHA2
Ken Bantoft
ken at xelerance.com
Thu Mar 25 14:31:14 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This was fixed, IIRC, back around 1.99.8.1rc series, which means it's
fixed in Openswan 1.*
There was a off-by-one bug in the code to fetch the list of alg's, which
led to a crash - JuanJo fixed it.
On Thu, 25 Mar 2004, Tiago Freitas Leal wrote:
>
> "Maxim Tyurin" <mrkooll at tdr.pibhe.com> writes:
> > "Tiago Freitas Leal" <tfl at netcabo.pt> writes:
> >
> > > On SuperFreeS/WAN 1.99.8 when using
> > >
> > > ike=<enc>-sha2_256 or ike=<enc>-sha2_512
> > >
> > > ipsec auto --status and ipsec whack --status fail to execute until the
> last connection. They end ("crash") with the first connection description
> that uses sha2.
> > >
> > > MOST IMPORTANT - pluto restarts.
> > >
> > > Is it fixed in OpenSwan?
> >
> > Its work in super freeswan 1.99.8
> >
> > I use ike=twofish128-sha2_512
>
> I was using aes and 3des. I tried twofish and got the same result.
>
> The tunnel works all right. The problem is I can't "ipsec auto --status".
> Can you?
- --
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAYt8lPiOgilmwgkgRArRbAKC2pF6SYA0UCZ0YnPUbA+h77HVvHwCgqVGx
KQajA+md4MAt9mspD1d14Dc=
=pekb
-----END PGP SIGNATURE-----
More information about the Users
mailing list