[Openswan Users] IKE algorithms choice
Patrick Naubert
patrickn at xelerance.com
Mon Jul 8 14:29:13 UTC 2013
On 2013-07-01 12:14, Leto wrote:
> there was a strict flag bug. I don't know if the new openswan maintainer applied it or not.
>
> sent from a tiny device
>
> On 2013-07-01, at 11:36, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:
>
>> I am not sure that is correct and the man pages do not descriibe the observed behaviour. Whenever I've tested, irrespective of what I've specified I've been able to make a connection with some other cipher and protocol. When I've queried this I've been told it is a bug and you have to use the strict flag (!) to enforce your policy. e.g, if I've specified 3des, sha1 and modp1024 I've been able to connect with aes256, sha1 and modp2048.
>>
>> Regards,
>>
>> Nick
Leto, do you mean Libreswan ID 094e11 or ID 8ca367, or both ?
Patrick
More information about the Users
mailing list