libreswan / libreswan

libreswan
https://libreswan.org/

try {ECDSA,RSA,..} local-remote before {ECDSA,RSA,...} local-any #1789

Open cagney opened 3 months ago

cagney commented 3 months ago

i.e., exhaust local-remote before trying templates; side effect of increasing ECDSA's priority?

cagney commented 3 months ago

         * This searches the host-pairs REMOTE<->LOCAL and
         * then ANY->LOCAL for a match with the given
         * PEER_AUTHBY.  This means a "stronger" template will
         * match before a "weaker" static connection.

cagney commented 3 months ago

see 8a4c5995cf1cb22213ab496364692cdd3bac4f37, see #666, see #718

so needs discussion

cagney commented 3 months ago

v4.x exhibited the same behaviour: instantiate a template and then, later, switch to the real permanent connection
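
The two search orders discussed in this thread, as an added C sketch (not libreswan's code and not part of the issue). It is a simplified model: `struct conn`, `find`, `lookup_authby_first`, `lookup_pair_first` and the sample connections are hypothetical, and ECDSA is assumed to be tried before RSA as in the title. With a permanent RSA connection and an ECDSA template for the same peer, the authby-first order returns the template, while exhausting REMOTE<->LOCAL first returns the permanent connection.

```c
#include <string.h>

/* Simplified model with hypothetical names; not libreswan's own structures. */
enum authby { ECDSA, RSA, NR_AUTHBY };	/* tried strongest first (assumed) */
struct conn {
	const char *name, *remote;	/* remote == NULL: template (ANY->LOCAL) */
	enum authby authby;
};

/* Constructed sample: a permanent RSA connection and an ECDSA template. */
static const struct conn conns[] = {
	{ "static-rsa", "192.0.2.1", RSA },
	{ "template-ecdsa", NULL, ECDSA },
};

/* Search one host pair (REMOTE<->LOCAL, or ANY->LOCAL if any) for one authby. */
static const struct conn *find(const char *remote, int any, enum authby a)
{
	for (size_t i = 0; i < sizeof(conns) / sizeof(conns[0]); i++) {
		const struct conn *c = &conns[i];
		if (c->authby == a && (any ? c->remote == NULL :
		    (c->remote != NULL && strcmp(c->remote, remote) == 0)))
			return c;
	}
	return NULL;
}

/* Order in the quoted comment: per authby, REMOTE<->LOCAL then ANY->LOCAL. */
const struct conn *lookup_authby_first(const char *remote)
{
	for (int a = 0; a < NR_AUTHBY; a++)
		for (int any = 0; any <= 1; any++) {
			const struct conn *c = find(remote, any, (enum authby)a);
			if (c != NULL)
				return c;
		}
	return NULL;
}

/* Order in the issue title: every authby on REMOTE<->LOCAL, then ANY->LOCAL. */
const struct conn *lookup_pair_first(const char *remote)
{
	for (int any = 0; any <= 1; any++)
		for (int a = 0; a < NR_AUTHBY; a++) {
			const struct conn *c = find(remote, any, (enum authby)a);
			if (c != NULL)
				return c;
		}
	return NULL;
}
```

For a peer with no permanent connection, both orders fall through to the template, so only peers that have both kinds of connection see a difference.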