[Openswan Users] OpenSwan 2.3.1 implements AES on Phase 1?

Stephan Scholz sscholz at astaro.com
Mon Jul 18 11:38:46 CEST 2005

Openswan 2.3.1 has a bug concerning AES 256. It falsely uses
AES128 instead of AES256 for encryption. I believe this is fixed in CVS.


Cassio Bobsin Machado wrote:
> I'm trying to connect with a CiscoPIX that requires AES-256, SHA1,
> DHG2 for Phase 1 and, after some log analysis, I've reached a problem.
> When preparing ISAKMP Proposal, OpenSwan does not try to make any
> combination with AES, only tries with 3DES for encryption.
> I couldn't find in any documentation from OpenSwan (they're a bit
> confusing, mixing old FreeSwan info) that covers this issue.
> I tried to force with parameters like "ike=aes" or a dozen other
> variations but, when I try any of these, it simply does not parse.
> Do I have to apply any patch? Modify any config file?
> Best regards,
> Cassio Bobsin Machado
