From aebfb67e21bcb2eac19904527e8c91f9f82b5077 Mon Sep 17 00:00:00 2001
From: Dan Guido <dan@trailofbits.com>
Date: Tue, 18 Apr 2017 01:11:56 -0400
Subject: [PATCH] remove extraneous integrity algos from AEAD ciphers (#439)

In reference to
https://github.com/trailofbits/algo/issues/9#issuecomment-294370560
---
 roles/vpn/defaults/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml
index 934c34f3..120d1dc0 100644
--- a/roles/vpn/defaults/main.yml
+++ b/roles/vpn/defaults/main.yml
@@ -22,8 +22,8 @@ strongswan_enabled_plugins:
 
 ciphers:
   defaults:
-    ike: aes128gcm16-sha2_512-prfsha512-ecp256!
-    esp: aes128gcm16-sha2_512-ecp256!
+    ike: aes128gcm16-prfsha512-ecp256!
+    esp: aes128gcm16-ecp256!
   compat:
-    ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
-    esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_512-ecp256,aes128-sha2_256-modp2048!
+    ike: aes128gcm16-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_512-prfsha512-modp2048!
+    esp: aes128gcm16-ecp256,aes128-sha2_512-ecp256,aes128-sha2_512-prfsha512-modp2048!