Is your feature request related to a problem? Please describe.
When using strongSwan with Cisco servers, the authentication fails because Cisco servers expect SHA2_512 as default.
strongSwan only has SHA1 as SHA authentication available.
Describe the solution you'd like
We just hacked/patched the source in /src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c (line 603 ff)
basically like this:
Additional context
Maybe there is another configuration possibility to allow Cisco devices to work with strongSwan, but we needed SHA authentication to work.
> the authentication fails because Cisco servers expect SHA2_512 as default.
I don't think that's the default. They might base their decision on some settings or other variables (e.g. PRF or the schemes used in the certificates).
The problem is that Cisco apparently still doesn't support RFC 7427, which adds proper support for signature schemes that aren't based on SHA-1.
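The difference the reply above points to, as an added example that is not part of the thread and not strongSwan code: with the legacy RSA Digital Signature method (1) nothing in the AUTH payload names the hash, while RFC 7427's Digital Signature method (14) prefixes the signature with a DER AlgorithmIdentifier. The function name `auth_signalled_hash` and the sample payload bodies are assumptions constructed for this illustration, and only PKCS#1 v1.5 RSA identifiers are handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* IKEv2 Auth Method values: 1 = RSA Digital Signature, 14 = Digital Signature (RFC 7427) */
enum { AUTH_RSA = 1, AUTH_DS = 14 };

/* DER AlgorithmIdentifier for PKCS#1 v1.5 RSA signatures is
 * 30 0d 06 09 2a 86 48 86 f7 0d 01 01 <n> 05 00; only <n> differs per hash. */
static const uint8_t RSA_OID_PREFIX[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
                                         0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01};

/* Hypothetical helper: p points at the AUTH payload body (auth method octet,
 * 3 reserved octets, authentication data). Returns the hash the sender
 * signalled, "unsignalled" for method 1, or NULL if malformed or unknown. */
const char *auth_signalled_hash(const uint8_t *p, size_t len)
{
    if (len < 5) return NULL;
    if (p[0] == AUTH_RSA) return "unsignalled"; /* no field names the hash */
    if (p[0] != AUTH_DS) return NULL;
    size_t alg_len = p[4];                      /* RFC 7427: one-octet ASN.1 length */
    const uint8_t *alg = p + 5;
    if (alg_len != 15 || len < 5 + alg_len + 1) return NULL; /* bounds check */
    if (memcmp(alg, RSA_OID_PREFIX, sizeof(RSA_OID_PREFIX)) != 0 ||
        alg[13] != 0x05 || alg[14] != 0x00) return NULL;
    switch (alg[12]) {
        case 0x05: return "SHA1";
        case 0x0b: return "SHA2_256";
        case 0x0c: return "SHA2_384";
        case 0x0d: return "SHA2_512";
        default:   return NULL;
    }
}

/* Constructed samples; 0xAA bytes stand in for the signature value. */
static const uint8_t SAMPLE_DS_SHA512[] = {14, 0, 0, 0, 15,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
    0x0d, 0x05, 0x00, 0xAA, 0xAA};
static const uint8_t SAMPLE_RSA_LEGACY[] = {1, 0, 0, 0, 0xAA, 0xAA};

int main(void)
{
    printf("method 14: %s\n", auth_signalled_hash(SAMPLE_DS_SHA512, sizeof(SAMPLE_DS_SHA512)));
    printf("method 1:  %s\n", auth_signalled_hash(SAMPLE_RSA_LEGACY, sizeof(SAMPLE_RSA_LEGACY)));
    return 0;
}
```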