[Openswan Users] Some openswan questions

Paul Wouters paul at xelerance.com
Wed Apr 20 13:03:11 EDT 2011

On Wed, 20 Apr 2011, Chen, Xuli (James) wrote:

> I’m using openswan-2.6.21-5.3.x86_64.rpm. Does anyone know the answers to the following questions?

You should upgrade if possible. Current version is 2.6.33

> Is this version of openswan capable of using Oakley Groups 1, 2, and 2048?

You mean group 1, 2 and 24? (modp 2048 is group 24)
Yes, openswan supports 1 and 2. RFC-5114 groups 22, 23 and 24 are supported as of version 2.6.26
if you set USE_MODP_RFC5114=true

> Is this version of openswan capable of using HMAC-SHA (class value 2) as the default IKE integrity mechanism as defined in RFC 2409?


> Does it support signature algorithm sha256WithRSAEncryption in certificate and CRL?

Yes, if you set USE_EXTRACRYPTO=true on older versions. On newer versions the SHA2 family
is always supported.

