Issue #3195

chacha20poly1305 cipher name mismatch on proposals

Added by Vitaly Zuevsky 8 days ago. Updated 6 days ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: configuration
Affected version: 5.6.2
Resolution:

Description

Android Client sends proposal:

charon: 07[CFG] received proposals: IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/MODP_2048

This cipher is configured on the server but goes by the name CHACHA20_POLY1305_256:

charon: 07[CFG] configured proposals: IKE:AES_GCM_8_128/AES_GCM_8_256/CHACHA20_POLY1305_256/PR..

As a result, the ChaCha cipher cannot be optionally selected in the Android app.
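A way to check this kind of mismatch mechanically from the charon log (an added example, not part of the original report and not strongSwan code): it parses the two `[CFG]` lines quoted above and lists each received transform that no configured proposal contains, together with configured names that differ only by a suffix. The function names and the prefix-based grouping of transforms are assumptions of this example.

```python
import re

# The two charon log lines quoted in the report, tail "PR.." still truncated.
SAMPLE_LOG = """\
charon: 07[CFG] received proposals: IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/MODP_2048
charon: 07[CFG] configured proposals: IKE:AES_GCM_8_128/AES_GCM_8_256/CHACHA20_POLY1305_256/PR..
"""
LINE_RE = re.compile(r"\[CFG\] (received|configured) proposals: (.+)$")

def transform_type(name):
    """Group a transform by name prefix (a heuristic assumed for this example)."""
    if name.startswith("PRF_"):
        return "prf"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if name.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integ"
    return "encr"

def parse_proposals(log):
    """Return {"received": [...], "configured": [...]}, one dict per proposal."""
    out = {"received": [], "configured": []}
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for prop in m.group(2).split(", "):
            proto, _, rest = prop.partition(":")
            entry = {"proto": proto, "truncated": False}
            for name in rest.split("/"):
                if name.endswith(".."):  # cut off in the excerpt: content unknown
                    entry["truncated"] = True
                else:
                    entry.setdefault(transform_type(name), set()).add(name)
            out[m.group(1)].append(entry)
    return out

def explain_mismatch(log):
    """Received transforms that no configured proposal lists, with near-miss names.
    Simplified: compares per transform type, not per whole proposal as IKE does."""
    props, findings = parse_proposals(log), []
    for rx in props["received"]:
        local = [c for c in props["configured"] if c["proto"] == rx["proto"]]
        for ttype in ("encr", "integ", "prf", "dh"):
            offered = set().union(*(c.get(ttype, set()) for c in local))
            if not offered and any(c["truncated"] for c in local):
                continue  # configured side was cut off; no verdict possible
            for name in sorted(rx.get(ttype, set()) - offered):
                near = sorted(o for o in offered if o.startswith(name + "_"))
                findings.append((ttype, name, near))
    return findings
```

On the quoted lines, `explain_mismatch(SAMPLE_LOG)` reports only the encryption transform; the PRF and DH group get no verdict because the configured line is cut off.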

History

#1 Updated by Martin Willi 8 days ago

  • Status changed from New to Feedback

Up to version 5.6.2, strongSwan unfortunately used an invalid transform encoding for this algorithm. This has been fixed with 5.6.3, requiring a change that brings an incompatibility between versions.

To support newer clients on your server, you'll need to update to at least 5.6.3. You can then use both the chacha20poly1305 and the chacha20poly1305compat algorithm on the server to support both old and new clients.

#2 Updated by Vitaly Zuevsky 8 days ago

Thank you, Martin.

I am using the latest Ubuntu18/bionic repositories to install strongSwan, which gives me version 5.6.2. Could you please recommend some specific repository with the latest stable strongSwan I should use?

#3 Updated by Tobias Brunner 6 days ago

  • Category set to configuration

> Could you please recommend some specific repository with the latest stable strongSwan I should use?

I guess you could try installing the .deb files from a newer Ubuntu release (e.g. 18.10/cosmic comes with 5.6.3). Or install a newer version from source (make sure to uninstall the strongSwan packages before doing that).
