[Openswan Users] How to change PRF (pseudo random function) in openswan.
Paul Wouters
paul at nohats.ca
Tue Mar 13 11:19:04 EDT 2012
On Tue, 13 Mar 2012, Chintagunta, Murali Mohan Chakravarthy (HPUX-Network Security) wrote:
> I was trying IKEv2 interop tests between openswan and hpux.
>
> I found that SA negotiation failed because of mismatch of the PRF function.
>
> By default HP-UX supports HMAC-SHA1; it can additionally also support AES-XCBC as PRF. But openswan is offering HMAC-MD5 by default. Hence the SA nego failed.
> Can anyone please let me know if there is a way to change the default PRF on openswan? It would be great if someone can point to any documentation.
I thought we picked the prf based on the ike= setting?
So setting ike=aes-sha1 I believe will also set the PRF to hmac-sha1.
Paul