[Swan] What are strongest ciphers that can be used for ike and phase2alg?

Paul Wouters paul at nohats.ca
Mon May 30 21:14:07 UTC 2016


On Mon, 30 May 2016, Michael Furman wrote:

> 
> ike=aes256-sha2_256;modp2048
> 
> phase2alg=aes256-sha2_256;modp2048
> 
> What are strongest ciphers that can be used for ike and phase2alg?

That's a bit subjective. For instance, is AES more secure than SERPENT
or CAMELLIA or CHACHA20POLY1305 or TWOFISH?

> Is it aes256-sha2_512?
> 
> Can I configure aes512?

There is no such thing as aes512.

If you want to know what are valid IKE and ESP ciphers, see:

http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml

> Any performance overhead with the stronger ciphers?

Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance
reasons. See https://libreswan.org/wiki/Benchmarking_and_Performance_testing

For IKE that hardly matters, that's only a few packets per hour.

I also recommend staying away from sha2_256 because some implementations
based on broken linux kernels do a wrong truncation causing interop
issues. Use sha2_512 instead.

You can find some recommendations in the following drafts:

https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis

https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis

While these are for "mandatory to implement" you can also use these
as guidance for configurations. Libreswan is constantly updating
its default proposals to match the latest recommended standards.
So it should not be needed to specify either ike= or phase2alg=/esp=
lines but you can do so if you want.

Paul
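The advice in the reply above (no aes512, avoid sha2_256 for interop, prefer AES-GCM on ESP, leave IKE as is) can be turned into a small lint for the `ike=` and `phase2alg=`/`esp=` strings before they go into a config. The script below is an added example and is not Libreswan's own proposal parser: its algorithm table is a hand-picked subset of the names Libreswan accepts, the grammar is simplified to the `enc[keylen]-integ;dh` form used in the question (several proposals separated by commas, and a DH group given after a dash is also tolerated), and the "legacy" set reflects the rfc4307bis work cited in the reply (published as RFC 8247).

```python
"""Lint ike=/esp= (phase2alg=) proposal strings against the advice in the post.

Added example, not Libreswan code. The tables below are an assumed subset of
Libreswan's algorithm names, and the grammar is the simplified
"enc[keylen]-integ;dh" form, with proposals separated by commas.
"""
from typing import List, Optional, Tuple

# Assumed subset of cipher names with the key sizes each one actually has.
CIPHERS = {
    "aes": {128, 192, 256},
    "aes_ctr": {128, 192, 256},
    "aes_gcm": {128, 192, 256},
    "aes_ccm": {128, 192, 256},
    "chacha20poly1305": {256},
    "camellia": {128, 192, 256},
    "serpent": {128, 192, 256},
    "twofish": {128, 192, 256},
    "3des": {192},
}
AEAD = {"aes_gcm", "aes_ccm", "chacha20poly1305"}
INTEGRITY = {"sha1", "sha2_256", "sha2_384", "sha2_512", "md5", "null"}
DH_GROUPS = {"modp1024", "modp1536", "modp2048", "modp3072", "modp4096",
             "modp6144", "modp8192", "dh19", "dh20", "dh21"}
# Algorithms the rfc4307bis work (RFC 8247) moved to MUST NOT / SHOULD NOT / MAY-.
LEGACY = {"3des", "md5", "sha1", "modp1024"}


def parse_cipher(token: str) -> Tuple[Optional[str], Optional[int]]:
    """Split 'aes256' into ('aes', 256); an unknown base name yields (None, None).

    Longest names are tried first so 'aes_gcm256' is not read as 'aes' + junk.
    """
    for base in sorted(CIPHERS, key=len, reverse=True):
        if token == base:
            return base, None
        rest = token[len(base):]
        if token.startswith(base) and rest.isdigit():
            return base, int(rest)
    return None, None


def lint_proposal(kind: str, proposal: str) -> List[str]:
    """Return findings for one 'enc-integ;dh' proposal; kind is 'ike' or 'esp'."""
    findings: List[str] = []
    algs, _, dh = proposal.partition(";")
    parts = algs.split("-")

    cipher, keylen = parse_cipher(parts[0])
    if cipher is None:
        findings.append(f"unknown cipher '{parts[0]}'")
    else:
        if keylen is not None and keylen not in CIPHERS[cipher]:
            # e.g. aes512: the key size simply does not exist
            findings.append(f"{cipher} has no {keylen}-bit key size")
        if kind == "esp" and cipher not in AEAD:
            findings.append("ESP with a non-AEAD cipher: prefer aes_gcm for throughput")
        if cipher in LEGACY:
            findings.append(f"{cipher} is a legacy cipher")

    for part in parts[1:]:
        if part in DH_GROUPS and not dh:
            dh = part          # 'enc-integ-dh' spelling: treat the tail as the group
        elif part not in INTEGRITY:
            findings.append(f"unknown integrity algorithm '{part}'")
        elif part == "sha2_256":
            findings.append("sha2_256: truncation interop problems, use sha2_512")
        elif part in LEGACY:
            findings.append(f"{part} is a legacy integrity algorithm")

    if dh and dh not in DH_GROUPS:
        findings.append(f"unknown DH group '{dh}'")
    elif dh in LEGACY:
        findings.append(f"{dh} is a legacy DH group")
    return findings


def lint(kind: str, value: str) -> List[str]:
    """Lint a whole ike=/esp= value, returning 'proposal: finding' lines."""
    out: List[str] = []
    for proposal in value.split(","):
        proposal = proposal.strip()
        out.extend(f"{proposal}: {f}" for f in lint_proposal(kind, proposal))
    return out


if __name__ == "__main__":
    # Constructed sample values, including the ones from the question.
    for kind, value in [("ike", "aes256-sha2_256;modp2048"),
                        ("esp", "aes256-sha2_256;modp2048"),
                        ("ike", "aes512-sha2_512;modp2048"),
                        ("esp", "aes_gcm256;modp2048")]:
        for line in lint(kind, value) or [f"{value}: ok"]:
            print(f"{kind}= {line}")
```

Running it on the two lines from the question reports the sha2_256 interop warning on both and the non-AEAD hint only on the ESP line, while `aes512` is rejected because no such key size exists; `esp=aes_gcm256;modp2048` passes clean.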

