Require a scary option to respond to Aggressive Mode PSK requests
authorMartin Willi <martin@revosec.ch>
Wed, 13 Jun 2012 07:32:28 +0000 (09:32 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 14 Jun 2012 08:25:48 +0000 (10:25 +0200)
commitb31a56f1281f51932d945f8f6ac9dfc34a30af6d
treeefb7349a29a9cabaaa440421c51f4d81f10f3c51
parente49f18f74d9c4c25d841fbf34d1d8ae1666dbf9f
Require a scary option to respond to Aggressive Mode PSK requests

While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
src/libcharon/sa/ikev1/tasks/aggressive_mode.c