[Openswan Users] Some openswan questions

Chen, Xuli (James) chenja at avaya.com
Wed Apr 20 13:05:13 EDT 2011


I really appreciate your help and support, as always.

Regards,
James

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Wednesday, April 20, 2011 1:03 PM
To: Chen, Xuli (James)
Cc: users at openswan.org
Subject: Re: [Openswan Users] Some openswan questions

On Wed, 20 Apr 2011, Chen, Xuli (James) wrote:

> I’m using openswan-2.6.21-5.3.x86_64.rpm. Does anyone know the answers to the following questions?

You should upgrade if possible. The current version is 2.6.33.

> Is this version of openswan capable of using Oakley Groups 1, 2, and 2048?

You mean group 1, 2 and 24? (modp 2048 is group 24)
Yes, openswan supports 1 and 2. RFC-5114 groups 22, 23 and 24 are supported as of version 2.6.26
if you set USE_MODP_RFC5114=true

> Is this version of openswan capable of using HMAC-SHA (class value 2) as the default IKE integrity mechanism as defined in RFC 2409?

Yes.

> Does it support signature algorithm sha256WithRSAEncryption in certificate and CRL?

Yes, if you set USE_EXTRACRYPTO=true on older versions. On newer versions the SHA2 family
is always supported.

Paul

