Moved add_proposal() for SHA2_512 am: 25e4998b08
am: dcdb714175
Change-Id: I636f67c1e74cefa6283dc132d3ec252c05af6c22
diff --git a/setup.c b/setup.c
index 6f075f3..58e86f1 100644
--- a/setup.c
+++ b/setup.c
@@ -505,11 +505,14 @@
/* Add proposals. */
add_proposal(remoteconf, auth,
- OAKLEY_ATTR_HASH_ALG_SHA2_512, OAKLEY_ATTR_ENC_ALG_AES, 256);
- add_proposal(remoteconf, auth,
OAKLEY_ATTR_HASH_ALG_SHA2_384, OAKLEY_ATTR_ENC_ALG_AES, 256);
add_proposal(remoteconf, auth,
OAKLEY_ATTR_HASH_ALG_SHA2_256, OAKLEY_ATTR_ENC_ALG_AES, 256);
+ // VPNs to openswan breaks when SHA2_512 is used as the first proposal.
+ // openswan supports SHA2_256 or lower hash alg. With this add_proposal
+ // order, openswan picks SHA2_256 and others pick SHA2_384
+ add_proposal(remoteconf, auth,
+ OAKLEY_ATTR_HASH_ALG_SHA2_512, OAKLEY_ATTR_ENC_ALG_AES, 256);
add_proposal(remoteconf, auth,
OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 256);
add_proposal(remoteconf, auth,