On Mon, Nov 19, 2007 at 12:26:16PM +0100, Mitja Mu?eni? wrote: > As far as I can tell, currently in ipsec.conf there is no way to use AES > with KEY_LENGHT=256. Is anybody working on adding this? Otherwise I might > try it when the time permits. > > I'm thinking that isakmpd should first learn about a new default transform, > let's say AES256 - then adding that into ipsecctl/ipsec.conf should be > pretty much trivial.
this sounds like a reasonable approach to me. > > The other route is not to add this new default transform to isakmpd, but to > have ipsecctl generate a config with a non-default transform - this does not > touch isakmpd at all, but is less than trivial in ipsecctl. > > Thoughts, anyone? > > Mitja
