This is an AES key size test to confirm conformance with RFC 3602 Section 5.3: 5.3. Key Length Attribute Since the AES allows variable key lengths, the Key Length attribute MUST be specified in both a Phase 1 exchange [IKE] and a Phase 2 exchange [DOI]. We use ike=aes-sha1 and esp=aes-sha1 Current behaviour is expected to be: 1) allow aes128 and aes256 on the responder 2) use 128 on the initiator (it's the only mandatory to implement key size) Previous behaviour was that for esp= we defaulted to 256 bit and for ike= we didn't send any key length (and we took that ourselves as to mean 128) Future behaviour should be to send 2 proposals instead of one, so this specification becomes symmetrial and will not break when initiator/responder roles switch during rekey when only one end specfies a specific key length. NOTE: we support aes192, but it is not part of our default proposal.