[Swan] What are strongest ciphers that can be used for ike and phase2alg?
Michael Furman
michael_furman at hotmail.com
Tue May 31 07:41:58 UTC 2016
Thanks for the fast and qualified answer!I will happy for couple of clarifications: 1) Sorry but how I configure AES_GCM 256 with SHA2-512?
I have confused with this link http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
The best configuration I have found is the following:
ike=aes_gcm-sha2;modp2048
esp=aes_gcm256-null;modp2048
I want to configure sha2_512 since I do not want to configure sha2-truncbug=yes 2) According to the following link not all AES-NI hardware accelerators support AES_GCM:
https://libreswan.org/wiki/Benchmarking_and_Performance_testing#x86_64_NUMA_Xeon_with_Intel_QuickAssist_PCIe
We run on RHEL6. Do you expect any issue
with AES-NI hardware accelerators and AES_GCM?
> Date: Mon, 30 May 2016 17:14:07 -0400
> From: paul at nohats.ca
> To: michael_furman at hotmail.com
> CC: swan at lists.libreswan.org
> Subject: Re: [Swan] What are strongest ciphers that can be used for ike and phase2alg?
>
> On Mon, 30 May 2016, Michael Furman wrote:
>
> >
> > ike=aes256-sha2_256;modp2048
> >
> > phase2alg=aes256-sha2_256;modp2048
> >
> > What are strongest ciphers that can be used for ike and phase2alg?
>
> That's a bit subjective. For instance, is AES more secure than SERPENT
> or CAMELLIA or CHACHA20POLY1305 or TWOFISH?
>
> > Is it aes256-sha2_512?
> >
> > Can I configure aes512?
>
> There is no such thing aes aes512.
>
> If you want to know what are valid IKE and ESP ciphers, see:
>
> http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
>
> > Any performance overhead with the stronger ciphers?
>
> Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance
> reasons. See https://libreswan.org/wiki/Benchmarking_and_Performance_testing
>
> For IKE that hardly matters, that's only a few packets per hour.
>
> I also recommend staying away from sha2_256 because some implementations
> based on broken linux kernels do a wrong truncation causing interop
> issues. Use sha2_512 instead.
>
> You can find some recommendations in the following drafts:
>
> https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis
>
> https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis
>
> While these are for "mandatory to implement" you can also use these
> as guidance for configurations. Libreswan is constantly updating
> its default proposals to match the latest recommended standards.
> So it should not be needed to specify either ike= or phase2alg=/esp=
> lines but you can do so if you want.
>
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160531/628f4bef/attachment-0001.html>
More information about the Swan
mailing list