Ask Your Question

Revision history [back]

traffic seen clear with NULL encryption algorithm only if authentication is SHA1, not SHA25. Why ?6

hi, with encryption-alg = null and authentication-alg = hmac-sha1, I can see clear traffic with wireshark option 'attempt to detect/decode NULL encrypted ESP payloads'. with encryption-alg = null and authentication-alg = hmac-sha256, traffic is not decoded. I only see ESP SPI and sequence, not the encapsulated protocol. Why ? thanks and regards

click to hide/show revision 2
None

updated 2020-07-31 14:40:18 +0000

grahamb gravatar image

traffic seen clear with NULL encryption algorithm only if authentication is SHA1, not SHA25. Why ?6

hi, with encryption-alg = null and authentication-alg = hmac-sha1, I can see clear traffic with wireshark option 'attempt to detect/decode NULL encrypted ESP payloads'. with encryption-alg = null and authentication-alg = hmac-sha256, traffic is not decoded. I only see ESP SPI and sequence, not the encapsulated protocol. Why ? thanks and regards

click to hide/show revision 3
None

updated 2020-07-31 15:31:08 +0000

grahamb gravatar image

ESP traffic seen in clear with NULL encryption algorithm only if authentication is SHA1, not SHA25. Why ?6

hi, with encryption-alg = null and authentication-alg = hmac-sha1, I can see clear traffic with wireshark option 'attempt to detect/decode NULL encrypted ESP payloads'. with encryption-alg = null and authentication-alg = hmac-sha256, traffic is not decoded. I only see ESP SPI and sequence, not the encapsulated protocol. Why ? thanks and regards

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2