[Openswan Users] How to specify which authentication and
encryption algorithms to use ?
Abhijit Mirajkar
abhijit at moschip.com
Thu May 19 15:28:24 CEST 2005
>
> > Now I want to use different combinations of authentication and
encryption
> > algorithms. Is it possible just by adding an 'esp' entry to the above
file?
> > e.g. esp=3des-md5
>
> Ys.
Thanks Paul. I also confirmed it by putting debug prints in ipsec_xmit.c in
the function ipsec_xmit_encap_once().
>
> > Also what are the default values it is currently taking?
>
> Currently, it defaults to AES with SHA1 I believe, but it will accept
anything
> with 3DES/AES and SHA1/MD5
>
>From my prints it seems that it defaults to AES-MD5.
However I could not put it into AH-only mode. If you add the following lines
:
-----
auth=ah
ah=hmac-md5-96
-----
then it gives, 3DES encryption with no authentication in ESP, and AH with
SHA1 !!
This happens even when I have specifically set 'auth=ah'. There should not
be any ESP done, and the authentication also should be MD5 not SHA1.
Is this a bug ?
Also how do I put it into ESP with no authentication mode ?
Regards,
Abhijit
More information about the Users
mailing list