[Openswan Users] IKE algorithms choice

Patrick Naubert patrickn at xelerance.com
Mon Jul 8 14:29:13 UTC 2013

On 2013-07-01 12:14, Leto wrote:

> there was a strict flag bug. I don't know if the new openswan maintainer applied it or not. 
> sent from a tiny device 
> On 2013-07-01, at 11:36, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:
>> I am not sure that is correct and the man pages do not descriibe the observed behaviour. Whenever I've tested, irrespective of what I've specified I've been able to make a connection with some other cipher and protocol. When I've queried this I've been told it is a bug and you have to use the strict flag (!) to enforce your policy. e.g, if I've specified 3des, sha1 and modp1024 I've been able to connect with aes256, sha1 and modp2048.
>> Regards,
>> Nick

Leto, do you mean Libreswan ID 094e11 or ID 8ca367, or both ?


More information about the Users mailing list