1 files changed, 19 insertions, 5 deletions

diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 011c0b8b0..a2dc113a5 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -273,7 +273,8 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
 }
 
 METHOD(proposal_t, select_proposal, proposal_t*,
-	private_proposal_t *this, proposal_t *other, bool private)
+	private_proposal_t *this, proposal_t *other, bool other_remote,
+	bool private)
 {
 	proposal_t *selected;
 
@@ -285,7 +286,17 @@ METHOD(proposal_t, select_proposal, proposal_t*,
 		return NULL;
 	}
 
-	selected = proposal_create(this->protocol, other->get_number(other));
+	if (other_remote)
+	{
+		selected = proposal_create(this->protocol, other->get_number(other));
+		selected->set_spi(selected, other->get_spi(other));
+	}
+	else
+	{
+		selected = proposal_create(this->protocol, this->number);
+		selected->set_spi(selected, this->spi);
+
+	}
 
 	if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
 		!select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
@@ -298,7 +309,6 @@ METHOD(proposal_t, select_proposal, proposal_t*,
 	}
 
 	DBG2(DBG_CFG, "  proposal matches");
-	selected->set_spi(selected, other->get_spi(other));
 	return selected;
 }
 
@@ -915,6 +925,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 			case ECP_256_BP:
 			case ECP_384_BP:
 			case ECP_512_BP:
+			case CURVE_25519:
+			case CURVE_448:
 			case NTRU_128_BIT:
 			case NTRU_192_BIT:
 			case NTRU_256_BIT:
@@ -956,9 +968,12 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 			case MODP_768_BIT:
 				/* weak */
 				break;
+			case MODP_1024_160:
 			case MODP_2048_224:
+			case MODP_2048_256:
+				/* RFC 5114 primes are of questionable source */
+				break;
 			case MODP_1536_BIT:
-			case MODP_1024_160:
 			case ECP_224_BIT:
 			case ECP_224_BP:
 			case ECP_192_BIT:
@@ -966,7 +981,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 				/* rarely used */
 				break;
 			case MODP_2048_BIT:
-			case MODP_2048_256:
 			case MODP_1024_BIT:
 				add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
 				break;