[Openswan Users] Some openswan questions
paul at xelerance.com
Wed Apr 20 13:03:11 EDT 2011
On Wed, 20 Apr 2011, Chen, Xuli (James) wrote:
> I’m using openswan-2.6.21-5.3.x86_64.rpm. Does anyone know the answers to following questions?
You should upgrade if possible. Current version is 2.6.33
> Is this version openswan capable of using Oakley Groups 1, 2, and 2048?
You mean group 1,2 and 24? (modp 2048 is group 24)
Yes, openswan supports 1 and 2. RFC-5114 group 22,23 and 24 is supported as of version 2.6.26
if you set USE_MODP_RFC5114=true
> Is this version openswan capable of using HMAC-SHA (class value 2) as the default IKE integrity mechanism as defined in RFC 2409?
> Does it support signature algorithm sha256WithRSAEncryption in certificate and CRL?
Yes, if you set USE_EXTRACRYPTO=true on older versions. On newer version the SHA2 family
is always supported.
More information about the Users