Null in Hash Algorithm

A common question is whether JunOS accepts a value of “null” as the hash algorithm, as in the following ScreenOS command:

set ike p2-proposal "g5-esp-aes256-no_auth-900s" group5 esp aes256 null second 900

The answer is yes. How?

Setting NULL encryption actually means not setting any encryption-algorithm under the IPsec proposal:

[edit]
admin@srx# show security ipsec proposal LAB
protocol esp;
authentication-algorithm hmac-sha1-96;
lifetime-seconds 10000;

Note: NULL encryption is not supported in FIPS mode. Trying to commit such a proposal generates this error:

admin@srx# commit
[edit security ipsec]
'proposal ipsec_proposal'
NULL encryption algorithm is not supported in FIPS mode.
error: configuration check-out failed

Refer to KB24453.

For more troubleshooting on NULL encryption, refer to this site
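
Because NULL encryption comes from an omitted statement rather than an explicit keyword, it is easy to miss in a configuration review. The following audit sketch is an added example, not code from the original post or from Juniper: it flags ESP proposals under security ipsec that have no encryption-algorithm, relying on the behaviour described above. The sample configuration and the proposal names other than LAB are constructed, and the parser assumes curly-brace output starting at the top of the hierarchy.

```python
# Constructed sample in the curly-brace format of "show configuration".
SAMPLE_CONFIG = """
security {
    ike {
        proposal IKE-P1 {
            encryption-algorithm aes-256-cbc;
        }
    }
    ipsec {
        proposal LAB {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            lifetime-seconds 10000;
        }
        proposal STRONG {
            protocol esp;
            authentication-algorithm hmac-sha-256-128;
            encryption-algorithm aes-256-cbc;
        }
        proposal AH-ONLY {
            protocol ah;
            authentication-algorithm hmac-sha1-96;
        }
    }
}
"""

def ipsec_proposals(config_text):
    """Return {name: {statement: value}} for 'security ipsec proposal' blocks only."""
    stack, proposals = [], {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing "## ..." annotations
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering a nested block
        elif line == "}" and stack:
            stack.pop()                          # leaving the current block
        elif (line.endswith(";") and len(stack) == 3
              and stack[:2] == ["security", "ipsec"]
              and stack[2].startswith("proposal ")):
            key, _, value = line[:-1].partition(" ")
            proposals.setdefault(stack[2].split()[1], {})[key] = value.strip()
    return proposals

def null_encryption_proposals(config_text):
    """Names of ESP proposals that omit encryption-algorithm (NULL encryption per the text)."""
    found = ipsec_proposals(config_text)
    return sorted(name for name, st in found.items()
                  if st.get("protocol") == "esp" and "encryption-algorithm" not in st)

if __name__ == "__main__":
    for name in null_encryption_proposals(SAMPLE_CONFIG):
        print(f"proposal {name}: ESP with no encryption-algorithm (NULL encryption)")
```

AH proposals are skipped because AH never carries an encryption algorithm, and IKE proposals are ignored because they sit outside the security ipsec hierarchy.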