diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c
index ce7d1c7f1b..edecf14c6b 100644
--- a/src/pluto/alg_info.c
+++ b/src/pluto/alg_info.c
@@ -51,20 +51,13 @@ int alg_info_esp_aa2sadb(int auth)
 {
 int sadb_aalg = 0;
- switch(auth) {
+ switch(auth)
+ {
 case AUTH_ALGORITHM_HMAC_MD5:
 case AUTH_ALGORITHM_HMAC_SHA1:
 sadb_aalg = auth + 1;
 break;
- case AUTH_ALGORITHM_HMAC_SHA2_256:
- case AUTH_ALGORITHM_HMAC_SHA2_384:
- case AUTH_ALGORITHM_HMAC_SHA2_512:
- case AUTH_ALGORITHM_HMAC_RIPEMD:
- case AUTH_ALGORITHM_AES_XCBC_MAC:
- sadb_aalg = auth;
- break;
 default:
- /* loose ... */
 sadb_aalg = auth;
 }
 return sadb_aalg;
@@ -74,20 +67,13 @@ int alg_info_esp_sadb2aa(int sadb_aalg)
 {
 int auth = 0;
- switch(sadb_aalg) {
+ switch(sadb_aalg)
+ {
 case SADB_AALG_MD5HMAC:
 case SADB_AALG_SHA1HMAC:
 auth = sadb_aalg - 1;
 break;
- case SADB_X_AALG_SHA2_256HMAC:
- case SADB_X_AALG_SHA2_384HMAC:
- case SADB_X_AALG_SHA2_512HMAC:
- case SADB_X_AALG_RIPEMD160HMAC:
- case SADB_X_AALG_AES_XCBC_MAC:
- auth = sadb_aalg;
- break;
 default:
- /* loose ... */
 auth = sadb_aalg;
 }
 return auth;
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index 2d4784b835..6f991fd691 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -675,15 +675,17 @@ static const char *const auth_alg_name[] = {
 };
 static const char *const extended_auth_alg_name[] = {
- "NULL"
- };
+ "NULL",
+ "HMAC_SHA2_256_96"
+};
 enum_names extended_auth_alg_names =
- { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
+ { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_HMAC_SHA2_256_96,
+ extended_auth_alg_name, NULL };
 enum_names auth_alg_names =
- { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
- , &extended_auth_alg_names };
+ { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA,
+ auth_alg_name, &extended_auth_alg_names };
 /* From draft-beaulieu-ike-xauth */
 static const char *const xauth_type_name[] = {
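Review bot: With the explicit case lists removed, the `default:` arm of alg_info_esp_aa2sadb() is now the only mapping for every identifier other than MD5 and SHA1, and nothing in the function says that this pass-through is deliberate or that it relies on the IKE and PF_KEY numbers being equal; the second hunk, alg_info_esp_sadb2aa(), has the same gap. The deleted `/* loose ... */` comment was the only hint that unknown values are forwarded unchecked towards the kernel interface. I would put a comment above each `default:` such as `/* all other IDs are assumed numerically identical in IKE and PF_KEY; unknown values pass through unvalidated */`, so that whoever adds an algorithm knows to compare the two constants first (presumably this includes the new SHA2_256_96 pair, whose values are not visible in this diff). Both function bodies close outside their hunks.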
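Review bot: The widened range `{ AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_HMAC_SHA2_256_96, ... }` in constants.c is only safe if AUTH_ALGORITHM_HMAC_SHA2_256_96 equals AUTH_ALGORITHM_NULL + 1, because extended_auth_alg_name now holds exactly two strings. If enum_names lookups index the array by offset from the first value, as the first/last/array/next layout suggests, any gap between the two constants would let a name lookup for a value inside that gap read past the end of the array. The definitions are not part of this diff, so please confirm the values are adjacent and record the coupling above the array, e.g. `/* must list every value from AUTH_ALGORITHM_NULL to AUTH_ALGORITHM_HMAC_SHA2_256_96, in order */`.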
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index 6734833ba0..bf67315e6d 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -380,6 +380,7 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
 )
 /* if AES_CBC is registered then also register AES_CCM and AES_GCM */
 if (satype == SADB_SATYPE_ESP &&
+ supp_exttype == SADB_EXT_SUPPORTED_ENCRYPT &&
 sadb.alg->sadb_alg_id == SADB_X_EALG_AESCBC)
 {
 struct sadb_alg alg = *sadb.alg;
@@ -395,6 +396,16 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
 }
 }
 }
+ /* if SHA2_256 is registered then also register SHA2_256_96 */
+ if (satype == SADB_SATYPE_ESP &&
+ supp_exttype == SADB_EXT_SUPPORTED_AUTH &&
+ sadb.alg->sadb_alg_id == SADB_X_AALG_SHA2_256HMAC)
+ {
+ struct sadb_alg alg = *sadb.alg;
+
+ alg.sadb_alg_id = SADB_X_AALG_SHA2_256_96HMAC;
+ kernel_alg_add(satype, supp_exttype, &alg);
+ }
 }
 }
 }
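Review bot: The added block in the second hunk registers SADB_X_AALG_SHA2_256_96HMAC whenever the kernel reports SADB_X_AALG_SHA2_256HMAC, so pluto will treat the 96-bit truncation as supported although the kernel never advertised it. A kernel may implement only one truncation length for HMAC-SHA-256, in which case a proposal carrying the 96-bit form could be accepted in IKE while the installed SA truncates differently or fails to install; the 96-bit form is also the shorter, pre-RFC 4868 variant. I would extend the comment to say so, e.g. `/* SHA2_256_96 is not advertised by the kernel; registered as a compatibility alias for peers using 96-bit truncation */`, and check that it is only proposed or accepted when configured explicitly. If kernel_alg_add() can fail, its result is dropped here. The enclosing loop and function begin outside the hunk.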