[Openswan Users] BM 3.8 proposals
Paul Wouters
paul at xelerance.com
Fri Oct 20 15:49:05 EDT 2006
On Fri, 20 Oct 2006, Peter McGill wrote:
> > 10-20-2006 1:57:11 pm Warn :Proposal mismatch PHASE 1 HASH Algorithm mismatch mine : SHA his : MD5 dst : 194.213.50.98 src
> > : 195.39.44.34 cookies[mine :his] C086F55898B016BA : EF3606AB00000004
> >10-20-2006 1:57:11 pm Warn :Proposal mismatch PHASE 1 DH Group mismatch mine : 2 his : unsupported DH Group 5 dst :
> >194.213.50.98 src : 195.39.44.34 cookies[mine :his] C086F55898B016BA : EF3606AB00000010
> > 10-20-2006 1:57:11 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm mismatch mine : DES his : 3DES dst :
> > 194.213.50.98 src : 195.39.44.34 cookies[mine :his] C086F55898B016BA : EF3606AB00000002
>
> Looks to me like the borderware wants (Single) DES, SHA(1), DH Group 2 (1024 bits).
>
> However, DES is broken, insecure, useless, etc... and as such not allowed by default in Openswan.
> You need to update your Borderware to a newer version that supports better encryption,
> like 3DES or AES, or if it does support them, enable them on the Borderware.
Oh indeed. I missed that!
Paul
More information about the Users
mailing list