[Openswan Users] Should Openswan 2.6.24 do kernel patch?
Paul Wouters
paul at xelerance.com
Tue Feb 9 11:36:29 EST 2010
On Mon, 8 Feb 2010, mix.kao wrote:
> yes, i use the klips as a kernel module (ipsec.ko)
> And i have crypto_algapi with des_generic
> protostack=klips
> ike=3des-sha1-MODP1024,3des-md5-MODP1024,3des-sha1-MODP768,3des-md5-MODP768,des-sha1-MODP1024,des-md5-MODP1024,des-sha1-MODP768,des-md5-MODP768
> esp=3des-sha1-96,3des-md5-96,des-sha1-96,des-md5-96
> ipsec whack --status
>
> I only get DES support on IKE, no ESP_DES.
> Anything i missing?
Did you enable 1DES when configuring cryptoapi? Perhaps cryptoapi has removed
1des support as well because it can be broken in 2 days?
The "des" code is the same as the "3des" code, so any "des" reference does not
automatically mean you have "1des" support, it could be only used for "3des.
Paul
More information about the Users
mailing list