New commits:
commit 10927ccacbc72b9bae045528cc170906f355a70f
Merge: 833218e6a3 66ceae16ec
Author: Andrew Cagney <cag...@gnu.org>
Date: Mon Sep 15 14:08:32 2025 -0400
Merge ikev1: allow ECP in ESP/AH proposals
close #2421 ikev1, when PFS=yes, tries to negotiate esp=ecp256
commit 66ceae16ec9e8503b9a1e3053a2ff177193d6ed9
Author: Andrew Cagney <cag...@gnu.org>
Date: Mon Sep 15 13:57:12 2025 -0400
testing: in algo-ike-aes128-sha2-ecp, play with IKEv1 PFS
commit afbf14309650bdbf3c8280b21a5ccb48f79e9dee
Author: Andrew Cagney <cag...@gnu.org>
Date: Mon Sep 15 13:48:55 2025 -0400
testing: update expected algparse output
commit 797cdac053db32d323580be76510ce88dede8c16
Author: Andrew Cagney <cag...@gnu.org>
Date: Mon Sep 15 13:47:54 2025 -0400
algparse: when IKEv1, expect esp=aes-sha1-ecp256 et.al. to be ok
commit e78284071a05e70b567cad006246ae4bd991bca4
Author: Andrew Cagney <cag...@gnu.org>
Date: Mon Sep 15 13:43:26 2025 -0400
crypto: for IKEv1 when IKE allows KEM(DH) also allow for ESP/AH
For instance ecp256.
As things stand, even though esp=;ecp256 is disallowed, an IKEv1
conn with ike=;ecp256 pfs=true will include kem=ecp145 when
negotiating the Quick Mode Child SA.
_______________________________________________
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an email to swan-commit-le...@lists.libreswan.org
