[Openswan Users] Re: DES algorithm doesn't work
Paul Wouters
paul at xelerance.com
Sat Mar 25 18:26:40 CET 2006
On Sat, 25 Mar 2006, utkarsh shah wrote:
> Subject: DES algorithm doesn't work
> please guide me if i have made some mistake
> when i use des algorithm as a phase1 algorithm it doesn't work
> ike="3DES-MD5-modp1536!"
> esp="3DES-MD5-1536!"
Don't use "!", that is obsolete syntax. I am not sure if all the matches
are also case insensitive, so do not use capitals.
> other end
> ike="3DES-MD5-modp1536"
> esp="3DES-MD5-1536!"
> ike="DES-MD5-modp1536!"
> esp="3DES-MD5-1536!"
>
> other end
> ike="DES-MD5-modp1536"
> esp="3DES-MD5-1536!"
I dont understand why you would want DES for IKE and 3DES for esp. In fact, I
don'tunderstand why you want DES, it is insecure. To enable 1DES you need
to edit Makefile.inc and enable USE_WEAKSTUFF and in newer versions you also
need to set USE_NOCRYPTO (because 1des is as good as no crypto)
Paul
More information about the Users
mailing list