[Swan] What are strongest ciphers that can be used for ike and phase2alg?

Paul Wouters paul at nohats.ca
Mon May 30 21:14:07 UTC 2016

On Mon, 30 May 2016, Michael Furman wrote:

> ike=aes256-sha2_256;modp2048
> phase2alg=aes256-sha2_256;modp2048
> What are strongest ciphers that can be used for ike and phase2alg?

That's a bit subjective. For instance, is AES more secure than SERPENT

> Is it aes256-sha2_512?
> Can I configure aes512?

There is no such thing aes aes512.

If you want to know what are valid IKE and ESP ciphers, see:


> Any performance overhead with the stronger ciphers?

Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance
reasons. See https://libreswan.org/wiki/Benchmarking_and_Performance_testing

For IKE that hardly matters, that's only a few packets per hour.

I also recommend staying away from sha2_256 because some implementations
based on broken linux kernels do a wrong truncation causing interop
issues. Use sha2_512 instead.

You can find some recommendations in the following drafts:



While these are for "mandatory to implement" you can also use these
as guidance for configurations. Libreswan is constantly updating
its default proposals to match the latest recommended standards.
So it should not be needed to specify either ike= or phase2alg=/esp=
lines  but you can do so if you want.


More information about the Swan mailing list