[Swan-dev] IKEv1 ike=aes preferring AES128 over AES256?

Paul Wouters paul at nohats.ca
Wed Feb 1 18:46:56 UTC 2017

The RFC 7321bis and 4307bis make 256 keys a MUST, so these are assumed implemented. I think preferring the stronger one everywhere is better and those who for some reason want 128, can do so manually.

Sent from my iPhone

> On Feb 1, 2017, at 13:14, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> For IKEv1, given a line like ike=aes (I suspect technically it is
> something like phase1=aes), pluto proposes:
>   encr=aes, keylen=128,256
> leading it to prefer 128 over 268 (look for the code following the
> comment 'This odd FOR loop' in spdb_struct.c).  However, if nothing at
> all is specified then it proposes:
>   encr=aes,keylen=256
>   encr=aes,keylen=128
> leading to a preference for 256 bit keys (look at spdb.c).
> Should IKEv1 IKE be more consistent and always prefer the stronger 256
> bit key length (i.e., the max key len)?
> Andrew
> (this would also make it consistent with IKEv2)
> (ESP, with different code, would still prefer 128 bit keys)
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list