ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA256

ESP
NULL
sha1
sha256

asked 2020-07-31 13:00:08 +0000

Jacques
1 ●1

updated 2020-07-31 15:31:08 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23850 ●4 ●988 ●227 https://www.wireshark.org

hi, with encryption-alg = null and authentication-alg = hmac-sha1, I can see clear traffic with wireshark option 'attempt to detect/decode NULL encrypted ESP payloads'. with encryption-alg = null and authentication-alg = hmac-sha256, traffic is not decoded. I only see ESP SPI and sequence, not the encapsulated protocol. Why ? thanks and regards

edit retag flag offensive close merge delete

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA256

Be the first one to answer this question!

Question Tools

Stats

Related questions

ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA256 edit

Be the first one to answer this question!

Question Tools

Stats

Related questions

ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA256