android: Use stronger ESP proposal including AES-GCM

diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index 302f732a8c80c2f2bcaaf14fda97814af6a1482f..b22186580119cca252b5fba58b5dd4006a96455b 100644 (file)
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -567,6 +567,12 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                                 FALSE, 0, 0, NULL, NULL, 0);
        /* create an ESP proposal with the algorithms currently supported by
         * libipsec, no PFS for now */
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes128gcm16-aes256gcm16"));
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes128-sha256"));
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes256-sha384"));
        child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
                                                        "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
        ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);