From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 9 Oct 2012 12:01:33 +0000 (+0200)
Subject: android: Don't use the default ESP proposal as it includes unsupported algorithms
X-Git-Tag: 5.0.2dr4~351^2~24
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e3d98f2c4c9d65c17ce066b8c1c7a3ef29353f49;p=thirdparty%2Fstrongswan.git

android: Don't use the default ESP proposal as it includes unsupported algorithms
---

diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index 2a115d2f91..0361b86dab 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -540,7 +540,10 @@ static job_requeue_t initiate(private_android_service_t *this)
 	child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
 								 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
 								 0, 0, NULL, NULL, 0);
-	child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+	/* create an ESP proposal with the algorithms currently supported by
+	 * libipsec, no PFS for now */
+	child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+							"aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
 	ts = traffic_selector_create_dynamic(0, 0, 65535);
 	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
 	ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",