[Openswan Users] Openswan support for Ipsec v3
Paul Wouters
paul at xelerance.com
Thu Nov 5 15:02:57 EST 2009
On Thu, 5 Nov 2009, Gupta, Deepak (Deepak) wrote:
>> From one of your earlier postings (https://gsoc.xelerance.com/issues/496) I gathered that SHA2 can be set for esp as per the following:
>
> ike=aes256-sha1-4096
> esp=aes256-sha2_256-4096
It should be ike=aes256-sha1-modp4096 ( or aes256-sha1;modp4096)
> And, I also find that the file _startnetkey (not KLIPS) delivered by the IPsec rpm loads all the cipher .ko's. I was just wondering, for example in the case above, when we specify sha2_256, will pluto load the sha256.ko module automatically?
Yes. the cryptoapi has no way oftriggering loading ciphers, so we just have to preload
all the modules we know of. If sha256 is a seperate module and missing, that needs to be
added.
Paul
More information about the Users
mailing list