Bug #13000
open
IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"
0%
Description
When choosing AES256/128-GCM, the key length is 256/128 bits long. The second field in the row labeled Key length needs to be changed or removed.
Updated by Jim Pingle over 2 years ago
- Priority changed from Normal to Low
- Plus Target Version deleted (
22.01) - Affected Version changed from 2.6.0 to All
It can't be removed, it's a necessary part of the algorithm selection. For AES-GCM it's the ICV (Integrity Check Value). Changing the label on that particular field for GCM when it works identically to "key length" on other ciphers is tricky so we have left it as-is.
https://datatracker.ietf.org/doc/html/rfc4106#page-5
If someone wants to come up with some JavaScript to change the field description only when the field is set to an AES-GCM algorithm, that's fine, but it's not a high priority.
Updated by Jim Pingle over 2 years ago
- Subject changed from IPsec AES256/128-GCM encryption algorithm to IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"
Also note that the field options are not 128/256, they are 128/96/64 (plus Auto on P2).
An alternate solution could be to add "ICV Length" into the drop-down text so for example it would be "128 bit ICV length" or similar.
Updated by Danilo Zrenjanin over 2 years ago
Yes, adding ICV Lenght into the drop-down will be helpful. Additionally, a note can be added to the existing help text field.