[Openswan Users] Openswan support for Ipsec v3
Gupta, Deepak (Deepak)
deepak.dg.gupta at alcatel-lucent.com
Thu Nov 5 15:42:43 EST 2009
Many thanks again.
is the syntax for sha2 (256) similar to the sha1 syntax? How should we specify aes 128 with HMAC-SHA-256. Should it be:
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, November 05, 2009 3:03 PM
To: Gupta, Deepak (Deepak)
Cc: 'users at openswan.org'
Subject: RE: [Openswan Users] Openswan support for Ipsec v3
On Thu, 5 Nov 2009, Gupta, Deepak (Deepak) wrote:
>> From one of your earlier postings (https://gsoc.xelerance.com/issues/496) I gathered that SHA2 can be set for esp as per the following:
It should be ike=aes256-sha1-modp4096 ( or aes256-sha1;modp4096)
> And, I also find that the file _startnetkey (not KLIPS) delivered by the IPsec rpm loads all the cipher .ko's. I was just wondering, for example in the case above, when we specify sha2_256, will pluto load the sha256.ko module automatically?
Yes. the cryptoapi has no way oftriggering loading ciphers, so we just have to preload all the modules we know of. If sha256 is a seperate module and missing, that needs to be added.
More information about the Users