commit 160a0e8c59f658403bf4c68031d4f1274c9e038a
author Girish Moturu <gmoturu@google.com> Wed Feb 08 23:44:46 2017 +0000
committer android-build-merger <android-build-merger@google.com> Wed Feb 08 23:44:46 2017 +0000
tree 4d3c5b1aaf8a4597a321ee40bdb41c3159903030
parent 53f72dd24cde66082d758a0855ff4ed07f5e119f
parent dcdb714175b2f7f9a85c050e327c5defd1359bcf

Moved add_proposal() for SHA2_512 am: 25e4998b08
am: dcdb714175

Change-Id: I636f67c1e74cefa6283dc132d3ec252c05af6c22

setup.c

diff --git a/setup.c b/setup.c
index 6f075f3..58e86f1 100644
--- a/setup.c
+++ b/setup.c
@@ -505,11 +505,14 @@
 
     /* Add proposals. */
     add_proposal(remoteconf, auth,
-            OAKLEY_ATTR_HASH_ALG_SHA2_512, OAKLEY_ATTR_ENC_ALG_AES, 256);
-    add_proposal(remoteconf, auth,
             OAKLEY_ATTR_HASH_ALG_SHA2_384, OAKLEY_ATTR_ENC_ALG_AES, 256);
     add_proposal(remoteconf, auth,
             OAKLEY_ATTR_HASH_ALG_SHA2_256, OAKLEY_ATTR_ENC_ALG_AES, 256);
+    // VPNs to openswan breaks when SHA2_512 is used as the first proposal.
+    // openswan supports SHA2_256 or lower hash alg. With this add_proposal
+    // order, openswan picks SHA2_256 and others pick SHA2_384
+    add_proposal(remoteconf, auth,
+            OAKLEY_ATTR_HASH_ALG_SHA2_512, OAKLEY_ATTR_ENC_ALG_AES, 256);
     add_proposal(remoteconf, auth,
             OAKLEY_ATTR_HASH_ALG_SHA, OAKLEY_ATTR_ENC_ALG_AES, 256);
     add_proposal(remoteconf, auth,