Merge branch 'android-proposals'

author Tobias Brunner <tobias@strongswan.org>

Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)
author Tobias Brunner <tobias@strongswan.org>
Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)
diff --cc src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c

index cbf36da,5c4a038..986854c
--- 1/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
--- 2/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@@ -795,27 -825,34 +825,34 @@@ static job_requeue_t initiate(private_a
         peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
   
         child_cfg = child_cfg_create("android", &child);
-       /* create ESP proposals with and without DH groups, let responder decide
-        * if PFS is used */
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128gcm16-aes256gcm16-chacha20poly1305-"
-                                                       "curve25519-ecp256-modp3072"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-sha256-curve25519-ecp256-modp3072"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes256-sha384-ecp521-modp8192"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
-                                                       "curve25519-ecp256-ecp384-ecp521-"
-                                                       "modp2048-modp3072-modp4096"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128gcm16-aes256gcm16-chacha20poly1305"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-sha256"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes256-sha384"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+       proposal = parse_proposal(this, PROTO_ESP, "connection.esp_proposal");
+       if (proposal)
+       {
+               child_cfg->add_proposal(child_cfg, proposal);
+       }
+       else
+       {       /* create ESP proposals with and without DH groups, let responder decide
+                * if PFS is used */
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128gcm16-aes256gcm16-chacha20poly1305-"
+                                                               "curve25519-ecp256-modp3072"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-sha256-curve25519-ecp256-modp3072"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes256-sha384-ecp521-modp8192"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
+                                                               "curve25519-ecp256-ecp384-ecp521-"
- -                                                              "modp2048-modp3072-modp4096-modp1024"));
++                                                              "modp2048-modp3072-modp4096"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128gcm16-aes256gcm16-chacha20poly1305"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-sha256"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes256-sha384"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+       }
         ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
         child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
         ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)