On Thu, Jan 11, 2007 at 12:42:13PM -0800, Russell Mitchell wrote:
> Tried to set p1_xform { ... encr_alg aes ... } in ike/config and it throws
> the following error:
>
> phase 1 transform must specify an encr algorithm
>
> Note that "encr_algs aes" works fine in ipsecinit.conf.

This is bug 4797442 (Enable AES encryption for the IKE exchange), which is
fixed in Nevada/OpenSolaris build 29, and will be landing in Solaris 10
Update 4 soon.

> What I would really like is to use sha2 for authentication and aes for
> encryption, in both ike/config and ipsecinit.conf. sha2 does not appear to
> work for either.

We don't have an RFE filed yet, but it IS on our radar screens (along with
AES in modes other than CBC).

Dan