2 files changed, 16 insertions, 4 deletions

diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index a7be22916..53c38748e 100755
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -322,6 +322,7 @@ METHOD(task_t, process_r, status_t,
 		{
 			linked_list_t *list;
 			sa_payload_t *sa_payload;
+			bool private;
 
 			this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 			DBG0(DBG_IKE, "%H is initiating a Main Mode IKE_SA",
@@ -345,8 +346,10 @@ METHOD(task_t, process_r, status_t,
 			}
 
 			list = sa_payload->get_proposals(sa_payload);
+			private = this->ike_sa->supports_extension(this->ike_sa,
+														   EXT_STRONGSWAN);
 			this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
-															list, FALSE);
+															list, private);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 			if (!this->proposal)
 			{
@@ -523,6 +526,7 @@ METHOD(task_t, process_i, status_t,
 			sa_payload_t *sa_payload;
 			auth_method_t method;
 			u_int32_t lifetime;
+			bool private;
 
 			sa_payload = (sa_payload_t*)message->get_payload(message,
 													SECURITY_ASSOCIATION_V1);
@@ -532,8 +536,10 @@ METHOD(task_t, process_i, status_t,
 				return send_notify(this, INVALID_PAYLOAD_TYPE);
 			}
 			list = sa_payload->get_proposals(sa_payload);
+			private = this->ike_sa->supports_extension(this->ike_sa,
+														   EXT_STRONGSWAN);
 			this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
-															list, FALSE);
+															list, private);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 			if (!this->proposal)
 			{
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index b67af5cc4..cbde6ac52 100755
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -789,6 +789,7 @@ METHOD(task_t, process_r, status_t,
 			peer_cfg_t *peer_cfg;
 			host_t *me, *other;
 			u_int16_t group;
+			bool private;
 
 			if (!get_ts(this, message))
 			{
@@ -833,8 +834,10 @@ METHOD(task_t, process_r, status_t,
 				return send_notify(this, INVALID_PAYLOAD_TYPE);
 			}
 			list = sa_payload->get_proposals(sa_payload);
+			private = this->ike_sa->supports_extension(this->ike_sa,
+													   EXT_STRONGSWAN);
 			this->proposal = this->config->select_proposal(this->config,
-														   list, FALSE, FALSE);
+														   list, FALSE, private);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 
 			this->mode = sa_payload->get_encap_mode(sa_payload, &this->udp);
@@ -958,6 +961,7 @@ METHOD(task_t, process_i, status_t,
 		{
 			sa_payload_t *sa_payload;
 			linked_list_t *list;
+			bool private;
 
 			sa_payload = (sa_payload_t*)message->get_payload(message,
 													SECURITY_ASSOCIATION_V1);
@@ -967,8 +971,10 @@ METHOD(task_t, process_i, status_t,
 				return send_notify(this, NO_PROPOSAL_CHOSEN);
 			}
 			list = sa_payload->get_proposals(sa_payload);
+			private = this->ike_sa->supports_extension(this->ike_sa,
+													   EXT_STRONGSWAN);
 			this->proposal = this->config->select_proposal(this->config,
-														   list, FALSE, FALSE);
+														   list, FALSE, private);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 			if (!this->proposal)
 			{