From 918094fde55fa0dbfd59a5f88d576efb513a88db Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Wed, 2 Jan 2019 10:45:36 +0100 Subject: New upstream version 5.7.2 --- .../tests/openssl-ikev2/alg-ecp-brainpool-high/description.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'testing/tests/openssl-ikev2/alg-ecp-brainpool-high/description.txt') diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/description.txt b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/description.txt index d0ae5a823..e37d5489c 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/description.txt +++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/description.txt @@ -1,17 +1,17 @@ The roadwarrior carol and the gateway moon use the openssl plugin based on the OpenSSL library for all cryptographical and X.509 certificate functions whereas roadwarrior dave uses the default strongSwan -cryptographical plugins aes des sha1 sha2 md5 gmp x509 plus the openssl +cryptographical plugins aes sha1 sha2 hmac gmp x509 plus the openssl plugin for the Elliptic Curve Diffie-Hellman groups only.

-The roadwarriors carol and dave set up a connection each +The roadwarriors carol and dave set up a connection each to gateway moon. The authentication is based on X.509 certificates. carol proposes the Brainpool DH groups ECP_256_BP and ECP_384_BP whereas dave proposes ECP_256_BP and ECP_512_B P. Since moon does not support ECP_256_BP the roadwarriors fall back to ECP_384_BP and ECP_512_BP, respectively.

-Upon the successful establishment of the IPsec tunnels, leftfirewall=yes -automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +Upon the successful establishment of the IPsec tunnels, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both carol and dave ping the client alice behind the gateway moon. -- cgit v1.2.3