[Openswan Users] How to change PRF (pseudo random function) in openswan.
Chintagunta, Murali Mohan Chakravarthy (HPUX-Network Security)
murali-mohan.chakravarthy at hp.com
Tue Mar 13 10:15:15 EDT 2012
I was trying IKEv2 interop tests between openswan and HP-UX.
I found that SA negotiation failed because of a mismatch of the PRF function.
By default HP-UX supports HMAC-SHA1; it can additionally support AES-XCBC as PRF. But openswan is offering HMAC-MD5 by default. Hence the SA negotiation failed.
Can anyone please let me know if there is a way to change the default PRF on openswan? It would be great if someone could point to any documentation.
| proposal 1 succeeded encr= (policy:3des vs offered:3des)
| succeeded integ=(policy:auth-hmac-md5-96 vs offered:auth-hmac-md5-96)
| failed prf= (policy:prf-hmac-md5 vs offered:prf-hmac-sha1)
| succeeded dh= (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024)
| complete v2 state transition with (null)
| state transition function for STATE_PARENT_R1 failed: NO_PROPOSAL_CHOSEN
Thanks a lot,