proposal: Add ESN transform to default ESP AEAD proposal
The commit mentioned below adds an AES-GCM default proposal for ESP. That
proposal does not include any ESN or non-ESN transform to indicate if
extended sequence numbers are supported.
A standards-compliant peer will include one or more ESN support transforms,
and will be unable to select this proposal due to a proposal mismatch.
Fix the default AES-GCM proposal by adding a NO_ESN algorithm. While ESN has
been supported in the Linux kernel for a while, having it in the default
proposal can be problematic with kernel-libipsec or on other platforms.
Fixes: c7bef954eec6 ("proposal: Add AES-GCM to the ESP default AEAD proposal")
Closes strongswan/strongswan#868
projects / people / ms / strongswan.git / commit
