[Openswan Users] BM 3.8 proposals

Paul Wouters paul at xelerance.com
Fri Oct 20 15:49:05 EDT 2006


On Fri, 20 Oct 2006, Peter McGill wrote:

> > 10-20-2006 1:57:11 pm Warn :Proposal mismatch  PHASE 1  HASH Algorithm mismatch  mine : SHA  his : MD5   dst : 194.213.50.98  src
> > : 195.39.44.34  cookies[mine :his]  C086F55898B016BA : EF3606AB00000004
> >10-20-2006 1:57:11 pm Warn :Proposal mismatch  PHASE 1  DH Group mismatch   mine : 2     his :  unsupported DH Group 5     dst :
> >194.213.50.98  src : 195.39.44.34  cookies[mine :his]  C086F55898B016BA : EF3606AB00000010
> > 10-20-2006 1:57:11 pm Warn :Proposal mismatch  PHASE 1  Encryption Algorithm mismatch   mine : DES  his : 3DES   dst :
> > 194.213.50.98  src : 195.39.44.34  cookies[mine :his]  C086F55898B016BA : EF3606AB00000002
>
> Looks to me like the borderware wants (Single) DES, SHA(1), DH Group 2 (1024 bits).
>
> However, DES is broken, insecure, useless, etc... and as such not allowed by default in Openswan.
> You need to update your Borderware to a newer version that supports better encryption,
> like 3DES or AES, or if it does support them, enable them on the Borderware.

Oh indeed. I missed that!

Paul


More information about the Users mailing list