[Openswan Users] Some openswan questions
Chen, Xuli (James)
chenja at avaya.com
Wed Apr 20 13:05:13 EDT 2011
I really appreciate you for your help and support as always.
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, April 20, 2011 1:03 PM
To: Chen, Xuli (James)
Cc: users at openswan.org
Subject: Re: [Openswan Users] Some openswan questions
On Wed, 20 Apr 2011, Chen, Xuli (James) wrote:
> I’m using openswan-2.6.21-5.3.x86_64.rpm. Does anyone know the answers to following questions?
You should upgrade if possible. Current version is 2.6.33
> Is this version openswan capable of using Oakley Groups 1, 2, and 2048?
You mean group 1,2 and 24? (modp 2048 is group 24)
Yes, openswan supports 1 and 2. RFC-5114 group 22,23 and 24 is supported as of version 2.6.26
if you set USE_MODP_RFC5114=true
> Is this version openswan capable of using HMAC-SHA (class value 2) as the default IKE integrity mechanism as defined in RFC 2409?
> Does it support signature algorithm sha256WithRSAEncryption in certificate and CRL?
Yes, if you set USE_EXTRACRYPTO=true on older versions. On newer version the SHA2 family
is always supported.
More information about the Users