128 bit default security strength requires 3072 bit prime DH group

author: Andreas Steffen <andreas.steffen@strongswan.org> 2015-12-14 10:39:40 +0100
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2015-12-14 10:39:40 +0100
commit: 5e2b740a009a29cd560f00199ecbeb25fa7a4b29 (patch)
tree: a85ed7494aeb0a60b56e603eac3c38a06253f1d2 /src/starter
parent: 47e56403780e417da67edc5f3e9753c60c9f2d21 (diff)
download: strongswan-5e2b740a009a29cd560f00199ecbeb25fa7a4b29.tar.bz2
strongswan-5e2b740a009a29cd560f00199ecbeb25fa7a4b29.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/starter/confread.c b/src/starter/confread.c
index c3a0ac07f..897aa423e 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -40,8 +40,8 @@
 #define SA_REPLACEMENT_RETRIES_DEFAULT   3
 #define SA_REPLAY_WINDOW_DEFAULT        -1 /* use charon.replay_window */
 
-static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
-static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+static const char ike_defaults[] = "aes128-sha256-modp3072";
+static const char esp_defaults[] = "aes128-sha256";
 
 static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
author	Andreas Steffen <andreas.steffen@strongswan.org>	2015-12-14 10:39:40 +0100
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2015-12-14 10:39:40 +0100
commit	5e2b740a009a29cd560f00199ecbeb25fa7a4b29 (patch)
tree	a85ed7494aeb0a60b56e603eac3c38a06253f1d2 /src/starter
parent	47e56403780e417da67edc5f3e9753c60c9f2d21 (diff)
download	strongswan-5e2b740a009a29cd560f00199ecbeb25fa7a4b29.tar.bz2 strongswan-5e2b740a009a29cd560f00199ecbeb25fa7a4b29.tar.xz