[Pkg-swan-devel] strongswan-starter: received NO_PROPOSAL_CHOSEN error notify

[Yves-Alexis Perez]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 2025-09-03 at 11:28 +0200, Andreas Tscharner wrote:
> 
> As it turned out, it was my configuration that worked with 6.0.1, but 
> does no longer with 6.0.2.
> I had in my ipsec.conf
> 
>          ike=3des-md5-modp1024
>          esp=3des-md5
> 
> This worked for 6.0.1; for 6.0.2 I had to add an exclamation mark
> 
>          ike=3des-md5-modp1024!
>          esp=3des-md5!
> 
> It now works for 6.0.2

That's good to know. But you *really* need to migrate your setup if it's in
production, because those algorithms are pretty insecure now.

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmi4EggACgkQ3rYcyPpX
RFsjvgf+J9fSl2F4DuowI+mfvTXuKEVA7ramZt7i2uHqKT45SotJ/qsTfnGAF/aw
chP+Fl+Jc3VkY3+fdHW3a9wqYHrlZp2yal8Ky2TIULtpMAiwZPaf7YWi941dSXGY
jSBDKYshauP7gD/Omwxt5nkD3qQ/TtrsF2xMKmX5SkfxzJ3SR6JGTyjYV7px4s5l
b4seP1wDG2mzrwFt0AumvWV/rObvAORfi4WHA6WgKhb3kt1Tq18EAeO0kF8nP2kD
2p+E21KO95LfSjDbVsAYkMt5nGP1j/cmsyAdJJwyoin1cyQdHqyQ7FdGQzL3mMMO
NNs9oFBdrxUlnmI9ZFw2XMQTZfsNQQ==
=P7yk
-----END PGP SIGNATURE-----