[Openswan Users] manual keying: encryption-only connection with DES

hiren joshi joshihirenn at gmail.com
Thu Jan 29 10:01:32 EST 2009


I solved this in openswan-2.4.9 with the following:

--- programs/spi/spi.c.orig     Sun Jan 18 05:48:16 2009
+++ programs/spi/spi.c  Sun Jan 18 05:48:41 2009
@@ -420,7 +420,7 @@ int decode_esp(char *algname)
   } else if(!strcmp(algname, "3des")) {
     esp_alg = XF_ESP3DES;
 #ifdef KERNEL_ALG
-  } else if((alg_info=alg_info_esp_create_from_str(algname, &alg_err,
FALSE))) {
+  } else if((alg_info=alg_info_esp_create_from_str(algname, &alg_err,
TRUE))) {
     int esp_ealg_id, esp_aalg_id;

     esp_alg = XF_OTHER_ALG;

Does it look okay?

Thanks for you time.

Regards,
-hiren

On Wed, Jan 28, 2009 at 11:55 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 28 Jan 2009, hiren joshi wrote:
>
>  Date: Wed, 28 Jan 2009 20:38:05 +0530
>> From: hiren joshi <joshihirenn at gmail.com>
>> To: users at openswan.org
>> Subject: [Openswan Users] manual keying: encryption-only connection with
>> DES
>>
>> Hello,
>>
>> I tried to setup a manually keyed encryption-only connection with DES
>> (for compatibility reasons).
>> But failed.
>>
>
> Did you set USE_WEAKSTUFF=true and USE_NOCRYPTO=true in Makefile.inc ?
>
> Though really, I'm tempted to again rip out all of 1DES. It was unsafe
> 5 years ago, it is even more unsafe now.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090129/d42a3c34/attachment.html 


More information about the Users mailing list