From: Tobias Brunner Date: Thu, 18 Oct 2012 14:38:22 +0000 (+0200) Subject: Remove MODP groups from default ESP proposal X-Git-Tag: 5.0.2dr4~267 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e74f184cb4b08328640551ff81a197dbffb74055;p=thirdparty%2Fstrongswan.git Remove MODP groups from default ESP proposal This now actually makes pfs=no the default and it equals the default listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
---
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 6e3ac17d90..fecb998df6 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -36,7 +36,7 @@
 #define SA_REPLACEMENT_RETRIES_DEFAULT 3
 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
-static const char esp_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+static const char esp_defaults[] = "aes128-sha1,3des-sha1";
 static const char firewall_defaults[] = "ipsec _updown iptables";
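Review bot: The new `esp_defaults` string has no comment explaining why it omits a DH group while `ike_defaults` on the line above keeps `modp2048`/`modp1536`, so the asymmetry reads like an oversight to the next maintainer. According to the commit message this omission is what makes pfs=no the default, which presumably means CHILD_SA keys are derived without a fresh Diffie-Hellman exchange unless the user configures one; that trade-off should be visible at the definition. I would add `/* no DH group on purpose: PFS is off by default, see ipsec.conf.5; list a modp group in esp= to enable it */` directly above the line.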