android: Don't use the default ESP proposal as it includes unsupported algorithms
authorTobias Brunner <tobias@strongswan.org>
Tue, 9 Oct 2012 12:01:33 +0000 (14:01 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 16 Oct 2012 12:16:16 +0000 (14:16 +0200)
src/frontends/android/jni/libandroidbridge/backend/android_service.c

index 2a115d2..0361b86 100644 (file)
@@ -540,7 +540,10 @@ static job_requeue_t initiate(private_android_service_t *this)
        child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
                                                                 0, 0, NULL, NULL, 0);
-       child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       /* create an ESP proposal with the algorithms currently supported by
+        * libipsec, no PFS for now */
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
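Review bot: The string passed to the added `proposal_create_from_string` call lists the algorithms weakest-first (`aes128` and `sha1` ahead of the stronger variants), and because the order within a proposal normally expresses the initiator's preference, a gateway that honours it would likely settle on AES-128 with HMAC-SHA1 even when both ends support more. If libipsec handles every listed algorithm equally well, consider `"aes256-aes192-aes128-sha512-sha384-sha256-sha1"` so the stronger transforms are preferred. The comment's "no PFS for now" could also state the consequence: with no DH group in the ESP proposal, CHILD_SA keys are derived from the IKE_SA keying material without a fresh exchange, so a short `TODO` to add a group once libipsec supports it would help. `initiate()` begins and ends outside this hunk.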