[Openswan Users] Openswan support for Ipsec v3
Gupta, Deepak (Deepak)
deepak.dg.gupta at alcatel-lucent.com
Thu Nov 5 15:42:43 EST 2009
Paul,
Many thanks again.
is the syntax for sha2 (256) similar to the sha1 syntax? How should we specify aes 128 with HMAC-SHA-256. Should it be:
esp=aes128-sha2_256
Thanks,
-Deepak
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, November 05, 2009 3:03 PM
To: Gupta, Deepak (Deepak)
Cc: 'users at openswan.org'
Subject: RE: [Openswan Users] Openswan support for Ipsec v3
On Thu, 5 Nov 2009, Gupta, Deepak (Deepak) wrote:
>> From one of your earlier postings (https://gsoc.xelerance.com/issues/496) I gathered that SHA2 can be set for esp as per the following:
>
> ike=aes256-sha1-4096
> esp=aes256-sha2_256-4096
It should be ike=aes256-sha1-modp4096 ( or aes256-sha1;modp4096)
> And, I also find that the file _startnetkey (not KLIPS) delivered by the IPsec rpm loads all the cipher .ko's. I was just wondering, for example in the case above, when we specify sha2_256, will pluto load the sha256.ko module automatically?
Yes. the cryptoapi has no way oftriggering loading ciphers, so we just have to preload all the modules we know of. If sha256 is a seperate module and missing, that needs to be added.
Paul
More information about the Users
mailing list