From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 22 Apr 2013 13:39:41 +0000 (+0200)
Subject: android: Use stronger ESP proposal including AES-GCM
X-Git-Tag: 5.1.0dr1~165
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=740aedfec11ee2f67298a8091a16907cbd6eee30;p=thirdparty%2Fstrongswan.git

android: Use stronger ESP proposal including AES-GCM
---

diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index 302f732a8c..b221865801 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -567,6 +567,12 @@ static job_requeue_t initiate(private_android_service_t *this)
 								 FALSE, 0, 0, NULL, NULL, 0);
 	/* create an ESP proposal with the algorithms currently supported by
 	 * libipsec, no PFS for now */
+	child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+							"aes128gcm16-aes256gcm16"));
+	child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+							"aes128-sha256"));
+	child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+							"aes256-sha384"));
 	child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
 							"aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
 	ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);