On Tue, 18 Jan 2022, Mirsad Goran Todorovac wrote:
> The empirical evidence shows that Windows 10 Pro 21H1 still reverts back to
> MODP1024 when rekeying. This is just not logical behaviour and IMHO defeats
> the purpose of having the NegotiateDH2048_AES256 key in the first place.
>
> Even when Microsoft fixes this bug, it will still take months and years for
> clients to upgrade to the latest protocol fix.
It has been years since we reported this bug to them. I tried renewed
channels as well.

I wish I knew the people who could influence these things at Microsoft and
the Android OS vendors.

I had a direct link with Microsoft in the past, but all those people
moved on. I tried publicly shaming them and that didn't work either.

We were very reluctant to add the option. The best workaround is to
let Windows do the idle timeout before rekey and re-establish, but I
don't think that can be automated without losing your connection.

And note that last week, they completely broke VPN / L2TP stuff with
their updates, so while they will be working on fixing that, it shows
their lack of expertise and care. Your best bet is really to move
everyone off of Microsoft and onto Apple.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan