ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA256

asked Jul 31 '0

Jacques

updated Jul 31 '0

grahamb

Hi, with encryption-alg = null and authentication-alg = hmac-sha1, I can see clear traffic with the Wireshark option 'attempt to detect/decode NULL encrypted ESP payloads'. With encryption-alg = null and authentication-alg = hmac-sha256, traffic is not decoded. I only see the ESP SPI and sequence, not the encapsulated protocol. Why? Thanks and regards
