Maybe add support for SHA2_512 in pubkey_authenticator.c ? #2012
Comments
I don't think that's the default. They might base their decision on some settings or other variables (e.g. PRF or the schemes used in the certificates). The problem is that Cisco apparently still doesn't support RFC 7427, which adds proper support for signature schemes that aren't based on SHA-1.
You are completely right of course, they should support RFC 7427. Cisco just doesn't care about being compatible, as always ;-)
Is your feature request related to a problem? Please describe.
When using strongSwan with Cisco servers, the authentication fails because Cisco servers expect SHA2_512 as default.
strongSwan only has SHA1 as SHA authentication available.
Describe the solution you'd like
We just hacked/patched the source in /src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c (line 603 ff)
basically like this:
Describe alternatives you've considered
None
Additional context
Maybe there is another configuration possibility to allow Cisco devices to work with strongSwan, but we needed SHA authentication to work.