adapted scenarios to new crypto proposal output

41 files changed, 97 insertions, 93 deletions

diff --git a/testing/tests/ikev1/alg-blowfish/description.txt b/testing/tests/ikev1/alg-blowfish/description.txt
index cff0a1915..7d8f245ab 100644
--- a/testing/tests/ikev1/alg-blowfish/description.txt
+++ b/testing/tests/ikev1/alg-blowfish/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the strong cipher suite
-<b>BLOWFISH_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and 
-<b>BLOWFISH_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and 
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat
index a2ae3ff6b..fd46cdb9d 100644
--- a/testing/tests/ikev1/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: BLOWFISH_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: BLOWFISH_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: BLOWFISH_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: BLOWFISH_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(blowfish)::YES
 moon::ip xfrm state::enc cbc(blowfish)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-serpent/description.txt b/testing/tests/ikev1/alg-serpent/description.txt
index f49c0a1c0..604fb45df 100644
--- a/testing/tests/ikev1/alg-serpent/description.txt
+++ b/testing/tests/ikev1/alg-serpent/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the strong cipher suite
-<b>SERPENT_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and 
-<b>SERPENT_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and 
+<b>SERPENT_CBC_256 / HMAC_SHA2_256 </b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-serpent/evaltest.dat b/testing/tests/ikev1/alg-serpent/evaltest.dat
index ffca0e7a0..2be8f675f 100644
--- a/testing/tests/ikev1/alg-serpent/evaltest.dat
+++ b/testing/tests/ikev1/alg-serpent/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: SERPENT_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: SERPENT_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: SERPENT_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: SERPENT_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(serpent)::YES
 moon::ip xfrm state::enc cbc(serpent)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-sha2_256/description.txt b/testing/tests/ikev1/alg-sha2_256/description.txt
index 900fcf017..e0af2e2f7 100644
--- a/testing/tests/ikev1/alg-sha2_256/description.txt
+++ b/testing/tests/ikev1/alg-sha2_256/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the rather strong cipher suite
-<b>AES_CBC_128-SHA2_256-MODP1536</b> for the IKE protocol and 
-<b>AES_128-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_1536</b> for the IKE protocol and 
+<b>AES_CBC_128 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha2_256/evaltest.dat b/testing/tests/ikev1/alg-sha2_256/evaltest.dat
index 42d0099eb..b8a83e0fb 100644
--- a/testing/tests/ikev1/alg-sha2_256/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha2_256/evaltest.dat
@@ -1,10 +1,10 @@
 
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA2_256-MODP1536::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA2_256-MODP1536::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
 carol::ip xfrm state::auth hmac(sha256)::YES
 moon::ip xfrm state::auth hmac(sha256)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-twofish/description.txt b/testing/tests/ikev1/alg-twofish/description.txt
index 0015561ee..b65ea7b8d 100644
--- a/testing/tests/ikev1/alg-twofish/description.txt
+++ b/testing/tests/ikev1/alg-twofish/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the strong cipher suite
-<b>TWOFISH_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and 
-<b>TWOFISH_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and 
+<b>TWOFISH_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-twofish/evaltest.dat b/testing/tests/ikev1/alg-twofish/evaltest.dat
index 69e9267c3..34c9d1c65 100644
--- a/testing/tests/ikev1/alg-twofish/evaltest.dat
+++ b/testing/tests/ikev1/alg-twofish/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: TWOFISH_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: TWOFISH_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: TWOFISH_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: TWOFISH_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(twofish)::YES
 moon::ip xfrm state::enc cbc(twofish)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-ah-transport/description.txt b/testing/tests/ikev1/esp-ah-transport/description.txt
index c7918fa38..f8ffce6e6 100644
--- a/testing/tests/ikev1/esp-ah-transport/description.txt
+++ b/testing/tests/ikev1/esp-ah-transport/description.txt
@@ -1,5 +1,5 @@
 In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication.
+the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
 In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
 marks all incoming AH packets with the ESP mark. The transport mode connection is
 tested by <b>carol</b> sending a ping to gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/esp-ah-transport/evaltest.dat b/testing/tests/ikev1/esp-ah-transport/evaltest.dat
index 7c498ad83..526e0d96e 100644
--- a/testing/tests/ikev1/esp-ah-transport/evaltest.dat
+++ b/testing/tests/ikev1/esp-ah-transport/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-;::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-;::YES
+carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_MOON::128 bytes from PH_IP_MOON: icmp_seq=1::YES
 carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES
 moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES
diff --git a/testing/tests/ikev1/esp-ah-tunnel/description.txt b/testing/tests/ikev1/esp-ah-tunnel/description.txt
index 809f28c57..332f8177a 100644
--- a/testing/tests/ikev1/esp-ah-tunnel/description.txt
+++ b/testing/tests/ikev1/esp-ah-tunnel/description.txt
@@ -1,5 +1,5 @@
 In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication.
+the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
 In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
 marks all incoming AH packets with the ESP mark. The tunnel mode connection is
 tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind 
diff --git a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
index 8f4a99641..5103a6318 100644
--- a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
+++ b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-;::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-;::YES
+carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
 carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES
 moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt b/testing/tests/ikev1/esp-alg-aesxcbc/description.txt
index fef0ac2dd..0c39352d9 100644
--- a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt
+++ b/testing/tests/ikev1/esp-alg-aesxcbc/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_256/AES_XCBC_MAC</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
+<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc</b>
 in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
 the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
index f464bda65..872962de4 100644
--- a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
@@ -1,8 +1,8 @@
 
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: AES_256-AES_XCBC_MAC::YES
-moon::ipsec statusall::ESP algorithm newest: AES_256-AES_XCBC_MAC::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
 moon::ip xfrm state::auth xcbc(aes)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-camellia/description.txt b/testing/tests/ikev1/esp-alg-camellia/description.txt
index ead39f580..b679d03ec 100644
--- a/testing/tests/ikev1/esp-alg-camellia/description.txt
+++ b/testing/tests/ikev1/esp-alg-camellia/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>CAMELLIA_192/HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256-modp2048</b>
+<b>CAMELLIA_CBC_192 / HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256</b>
 in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
 the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
index b2871dabd..1b0f3a12b 100644
--- a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: CAMELLIA_192-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: CAMELLIA_192-HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(camellia)::YES
 moon::ip xfrm state::enc cbc(camellia)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-des/evaltest.dat b/testing/tests/ikev1/esp-alg-des/evaltest.dat
index 8e06392f1..57d09a488 100644
--- a/testing/tests/ikev1/esp-alg-des/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-des/evaltest.dat
@@ -1,6 +1,8 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::ESP algorithm newest: DES_0-HMAC_MD5::YES
-carol::ipsec statusall::ESP algorithm newest: DES_0-HMAC_MD5::YES
+moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
+carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
+moon::ip xfrm state::enc cbc(des)::YES
+carol::ip xfrm state::enc cbc(des)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 
diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat
index de2f2a571..8c748a54c 100644
--- a/testing/tests/ikev1/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat
@@ -1,5 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::ESP algorithm newest::NULL_0-HMAC_SHA1::YES
-carol::ipsec statusall::ESP algorithm newest::NULL_0-HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
+carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
+moon::ip xfrm state::enc ecb(cipher_null)::YES
+carol::ip xfrm state::enc ecb(cipher_null)::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
index b939e4fda..3c9fdbb71 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=aes-128-sha
+	ike=aes-sha1
 	esp=null-sha1!
 
 conn home
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
index 9ca761cb5..62f17df49 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=aes128-sha!
+	ike=aes-sha1!
 	esp=null-sha1!
 
 conn rw
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/description.txt b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
index 03c655480..252080e80 100644
--- a/testing/tests/ikev1/esp-alg-strict-fail/description.txt
+++ b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
 as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
+<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
 leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
+<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
index 6f2024ff9..83d99bea1 100644
--- a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
-carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
+carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
 moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::YES
-moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
+moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
 carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*ISAKMP SA established::NO
-moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES
+moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
 moon::cat /var/log/auth.log::no acceptable Proposal in IPsec SA::YES
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
index f61cfc6bb..21997940b 100755
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=3des-sha
+	ike=3des-sha1
 	esp=3des-sha1
 
 conn home
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
index 5bf53b8bc..14f58ccc3 100755
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=aes128-sha
+	ike=aes128-sha1
 	esp=aes128-sha1!
 
 conn rw
diff --git a/testing/tests/ikev1/esp-alg-strict/description.txt b/testing/tests/ikev1/esp-alg-strict/description.txt
index b4fc08253..149a1e013 100644
--- a/testing/tests/ikev1/esp-alg-strict/description.txt
+++ b/testing/tests/ikev1/esp-alg-strict/description.txt
@@ -1,7 +1,7 @@
-Roadwarrior <b>carol</b> proposes <b>3DES</b> encryption (together with
-SHA-1 authentication) in the first place and <b>AES-128</b> encryption in
+Roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption (together with
+HMAC_SHA1 authentication) in the first place and <b>AES_CBC_128</b> encryption in
 second place for both the ISAKMP and IPsec SAs. Gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> but will accept any other supported algorithm proposed
+<b>ike=aes128-sha1</b> but will accept any other supported algorithm proposed
 by the peer during Phase 1. But for ESP encryption <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by applying the strict flag '!'.
+<b>esp=aes128-sha1!</b> by applying the strict flag '!'.
 
diff --git a/testing/tests/ikev1/esp-alg-strict/evaltest.dat b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
index d5dd12d4e..912a8d830 100644
--- a/testing/tests/ikev1/esp-alg-strict/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES
-moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
-carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
+moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
+moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
+carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
index 0ae6b0693..7e2de30cd 100755
--- a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=3des-sha,aes-128-sha
-	esp=3des-sha1,aes-128-sha1
+	ike=3des-sha,aes128-sha1
+	esp=3des-sha1,aes128-sha1
 
 conn home
 	left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
index 5bf53b8bc..14f58ccc3 100755
--- a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=aes128-sha
+	ike=aes128-sha1
 	esp=aes128-sha1!
 
 conn rw
diff --git a/testing/tests/ikev1/esp-alg-weak/description.txt b/testing/tests/ikev1/esp-alg-weak/description.txt
index ffb6882f5..e49b6c620 100644
--- a/testing/tests/ikev1/esp-alg-weak/description.txt
+++ b/testing/tests/ikev1/esp-alg-weak/description.txt
@@ -1,4 +1,4 @@
-The roadwarrior <b>carol</b> proposes <b>1DES</b> encryption with MD5 authentication
+The roadwarrior <b>carol</b> proposes <b>DES_CBC</b> encryption with HMAC_MD5 authentication
 as the only cipher suite for the IPsec SA. Because gateway <b>moon</b> does
 not use an explicit <b>esp</b> statement any strong encryption algorithm will be
 accepted but any weak key length will be rejected by default and thus the ISAKMP SA
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/description.txt b/testing/tests/ikev1/ike-alg-sha2_384/description.txt
index a347a3fed..a0bda209c 100644
--- a/testing/tests/ikev1/ike-alg-sha2_384/description.txt
+++ b/testing/tests/ikev1/ike-alg-sha2_384/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>AES_CBC_192-SHA2_384-MODP4096</b> for the IKE protocol and
-<b>AES_192-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_192 / HMAC_SHA2_384 / MODP4096</b> for the IKE protocol and
+<b>AES_CBC_192 /HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
index 31959f53a..a4cc39150 100644
--- a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
@@ -1,8 +1,8 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
-moon::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
-carol::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 
diff --git a/testing/tests/ikev1/ike-alg-sha2_512/description.txt b/testing/tests/ikev1/ike-alg-sha2_512/description.txt
index 1bec4b8c6..240b8f2b0 100644
--- a/testing/tests/ikev1/ike-alg-sha2_512/description.txt
+++ b/testing/tests/ikev1/ike-alg-sha2_512/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the paranoid cipher suite
-<b>AES_CBC_256-SHA2_512-MODP8192</b> for the IKE protocol and
-<b>AES_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_256 / HMAC_SHA2_512 / MODP_8192</b> for the IKE protocol and
+<b>AES_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
index dbd35429c..10929457f 100644
--- a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
@@ -1,8 +1,8 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_256-SHA2_512-MODP8192::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_256-SHA2_512-MODP8192::YES
-moon::ipsec statusall::ESP algorithm newest: AES_256-HMAC_SHA2_256::YES
-carol::ipsec statusall::ESP algorithm newest: AES_256-HMAC_SHA2_256::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/description.txt b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
index 03c655480..252080e80 100644
--- a/testing/tests/ikev1/ike-alg-strict-fail/description.txt
+++ b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
 as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
+<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
 leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
+<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
index 931b8855a..0c6bc7f7e 100644
--- a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
@@ -1,5 +1,5 @@
 carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
 moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
 carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
-moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES
+moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
 moon::cat /var/log/auth.log::no acceptable Oakley Transform::YES
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
index cbe5469f0..63ad1c01d 100755
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=3des-sha
+	ike=3des-sha1
 	esp=3des-sha1
 
 conn home
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
index 42e5f8404..1ea5fe7a5 100755
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=aes128-sha!
+	ike=aes128-sha1!
 	esp=aes128-sha1
 
 conn rw
diff --git a/testing/tests/ikev1/ike-alg-strict/description.txt b/testing/tests/ikev1/ike-alg-strict/description.txt
index 35d266e20..af93b95c3 100644
--- a/testing/tests/ikev1/ike-alg-strict/description.txt
+++ b/testing/tests/ikev1/ike-alg-strict/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with <b>SHA-1</b> authentication in the first place
-and <b>AES-128</b> encryption with <b>SHA-1</b> authentication in the second place for both the ISAKMP and IPsec SA.
-The gateway <b>moon</b> enforces <b>ike=aes-128-sha!</b> for Phase 1 by using the strict flag '!', 
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with <b>HMAC_SHA1</b> authentication in the first place
+and <b>AES_CBC_128</b> encryption with <b>HMAC_SHA1</b> authentication in the second place for both the ISAKMP and IPsec SA.
+The gateway <b>moon</b> enforces <b>ike=aes128-sha!</b> for Phase 1 by using the strict flag '!', 
 but will accept any other supported algorithm proposed by the peer for Phase 2 , even though <b>moon</b>
-defines itself <b>esp=aes-128-sha1</b> only.
+defines itself <b>esp=aes128-sha1</b> only.
diff --git a/testing/tests/ikev1/ike-alg-strict/evaltest.dat b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
index 46140be8a..8acd0d039 100644
--- a/testing/tests/ikev1/ike-alg-strict/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES
-moon::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES
-carol::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES
+moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA::YES
+carol::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
index b8e2257c4..9272bdc7f 100755
--- a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=3des-sha,aes-128-sha
-	esp=3des-sha1,aes-128-sha1
+	ike=3des-sha1,aes128-sha1
+	esp=3des-sha1,aes128-sha1
 conn home
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
index 42e5f8404..1ea5fe7a5 100755
--- a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	ike=aes128-sha!
+	ike=aes128-sha1!
 	esp=aes128-sha1
 
 conn rw