Commit 559c995a authored by Yan Yan, committed by Maciej Żenczykowski

Improve IKEv2/IPsec VPN by proposing more IKE algorithms

This commit allows IKEv2/IPsec VPN to propose more algorithms that
were newly added in the IKE library. Those new algorithms have stronger
security guarantees and better performance.

It also improves the cooperability with
NordVpn. Previously, IKEv2/IPsec VPN only proposes PRF-HMAC-SHA1
and PRF-AES128-XCBC. NordVpn always prefers PRF-AES128-XCBC over
PRF-HMAC-SHA1 for security reasons, but few NordVpn servers have
broken PRF-AES128-XCBC support which will cause VPN setup to fail.
Proposing more PRFs can reduce the chance of selecting a broken
algorithm.

This commit also switches to use IKE library defined constants

Bug: 185265778
Test: atest FrameworksNetTests, CtsIkeTestCases
Test: new algorithms are manually tested
Change-Id: Id0983d4b73691b153ee0f1cf3bf63b215098a29a
parent 6c914b4b