[Openswan Users] Openswan Linux Client to SonicWall Windows

Francesco Peeters Francesco at FamPeeters.com
Wed Sep 27 13:12:18 EDT 2006

On Wed, September 27, 2006 16:51, Paul Wouters wrote:
> On Wed, 27 Sep 2006, Bas Driessen wrote:
>> Going through the lists, I found out that DES is not supported by
>> default in OpenSwan, so I have re-compiled the package by setting the
>> USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line
>> to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.
>> All compiles OK. I know that 3DES is better etc, but this is out of my
>> control. I have to get it to work with the current setup.
> You might also need to set USE_BROKEN=yes
> 3DES is not "better". 1DES is trivially brute forced. You have no VPN. You
> better make sure your boss knows that, and gets it in writing, so that
> you can blame management for this unwise decision.
Add to that the fact that SNWL ASICS can decrypt 3DES at the same rate as
DES, and there is very little reason not to use it...

Francesco Peeters
GPG Key = AA69 E7C6 1D8A F148 160C  D5C4 9943 6E38 D5E3 7704
If your program doesn't recognize my signature, please visit
http://www.CAcert.org/index.php?id=3 to retrieve the Root CA certificate.

More information about the Users mailing list