strongswan uses the cipher suites in the order as listed by first
match instead of complexity. This patch re-orders them so that
maximum complexity is tried first and everything else after.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
+CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES256-CBC AES192-GCM128 AES192-CBC AES128-GCM128 AES128-CBC"
INTEGRITIES="SHA512 SHA384 SHA256"
INTEGRITIES="SHA512 SHA384 SHA256"
-GROUP_TYPES="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+GROUP_TYPES="CURVE25519 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
LIFETIME="28800"
PFS="on"
PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
LIFETIME="28800"
PFS="on"