[Openswan Users] Openswan support for Ipsec v3

Gupta, Deepak (Deepak) deepak.dg.gupta at alcatel-lucent.com
Thu Nov 5 15:42:43 EST 2009


Many thanks again.

is the syntax for sha2 (256) similar to the sha1 syntax?  How should we specify aes 128 with HMAC-SHA-256.  Should it be:




-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Thursday, November 05, 2009 3:03 PM
To: Gupta, Deepak (Deepak)
Cc: 'users at openswan.org'
Subject: RE: [Openswan Users] Openswan support for Ipsec v3

On Thu, 5 Nov 2009, Gupta, Deepak (Deepak) wrote:

>> From one of your earlier postings (https://gsoc.xelerance.com/issues/496) I gathered that SHA2 can be set for esp as per the following:
> ike=aes256-sha1-4096
> esp=aes256-sha2_256-4096

It should be ike=aes256-sha1-modp4096 ( or aes256-sha1;modp4096)

> And, I also find that the file _startnetkey (not KLIPS) delivered by the IPsec rpm loads all the cipher .ko's.  I was just wondering, for example in the case above, when we specify sha2_256, will pluto load the sha256.ko module automatically?

Yes. the cryptoapi has no way oftriggering loading ciphers, so we just have to preload all the modules we know of. If sha256 is a seperate module and missing, that needs to be added.


More information about the Users mailing list