Control: fixed -1 5.3.5-2 On Sat, Dec 31 2016, Yves-Alexis Perez wrote: > On Sat, 2016-12-31 at 14:06 +0100, Dan Guido wrote: >> Please enable AESNI support via the --enable-aesni flag. > > We don't enable libipsec so it doesn't really matter actually, AES is > done in the kernel, which does suppor AES-NI.
I think there may be some confusion. Dan Guido reported this bug against version 5.5.1-2, but perhaps he meant to report the bug against jessie or earlier versions (e.g. 5.2.1-6). Yves-Alexis Perez enabled aesni in alioth commit 8e32f50ac¹, package version 5.3.5-2, which entered sid² and stretch³ in March 2016, about eight months before the report. Also Yves-Alexis Perez mentions this plugin is ineffective without the libipsec backend, but I believe there may be some confusion here too. My understanding is that IKE is handled in userland by whatever plugins are loaded, whereas ESP is handled in kernel, ignoring plugins (essentially restricted to whatever af-alg supports). Particularly true if libstrongswan-standard-plugins is installed (containing aesni) and libstrongswan-extra-plugins is *not* installed (containing af-alg). ¹ https://anonscm.debian.org/cgit/pkg-swan/strongswan.git/commit/?id=8e32f50ac2c90358c14cd36753aa360e8d80ccab ² https://packages.qa.debian.org/s/strongswan/news/20160317T140101Z.html ³ https://packages.qa.debian.org/s/strongswan/news/20160323T163916Z.html -- Gerald Turner <gtur...@unzane.com> Encrypted mail preferred! OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
signature.asc
Description: PGP signature
