On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote: > > - the current IKE implementations use rfc4106(gcm(aes)). They would need to > use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have a > clear change in the user space API where the old configuration even works > (i.e. no error), but does not produce the correct encryption that is required. You mean through the user-space AEAD interface? That's not a problem because I'm going to disable it for 4.1 :) Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html