ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA256

asked 2020-07-31 13:00:08 +0000

updated 2020-07-31 15:31:08 +0000


Hi, with encryption-alg = null and authentication-alg = hmac-sha1, I can see clear traffic with the Wireshark option 'attempt to detect/decode NULL encrypted ESP payloads'. With encryption-alg = null and authentication-alg = hmac-sha256, traffic is not decoded. I only see the ESP SPI and sequence, not the encapsulated protocol. Why? Thanks and regards
