[Swan] What are strongest ciphers that can be used for ike and phase2alg?

Michael Furman michael_furman at hotmail.com
Tue May 31 07:41:58 UTC 2016


Thanks for the fast and qualified answer!I will happy for couple of clarifications: 1)  Sorry but how I configure AES_GCM 256 with SHA2-512?

I have confused with this link http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml

The best configuration I have found is the following:

ike=aes_gcm-sha2;modp2048

esp=aes_gcm256-null;modp2048

I want to configure sha2_512 since I do not want to configure sha2-truncbug=yes 2)   According to the following link not all AES-NI hardware accelerators support AES_GCM:

https://libreswan.org/wiki/Benchmarking_and_Performance_testing#x86_64_NUMA_Xeon_with_Intel_QuickAssist_PCIe



We run on RHEL6.  Do you expect any issue
with AES-NI hardware accelerators and AES_GCM? 


> Date: Mon, 30 May 2016 17:14:07 -0400
> From: paul at nohats.ca
> To: michael_furman at hotmail.com
> CC: swan at lists.libreswan.org
> Subject: Re: [Swan] What are strongest ciphers that can be used for ike and phase2alg?
> 
> On Mon, 30 May 2016, Michael Furman wrote:
> 
> > 
> > ike=aes256-sha2_256;modp2048
> > 
> > phase2alg=aes256-sha2_256;modp2048
> > 
> > What are strongest ciphers that can be used for ike and phase2alg?
> 
> That's a bit subjective. For instance, is AES more secure than SERPENT
> or CAMELLIA or CHACHA20POLY1305 or TWOFISH?
> 
> > Is it aes256-sha2_512?
> > 
> > Can I configure aes512?
> 
> There is no such thing aes aes512.
> 
> If you want to know what are valid IKE and ESP ciphers, see:
> 
> http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
> 
> > Any performance overhead with the stronger ciphers?
> 
> Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance
> reasons. See https://libreswan.org/wiki/Benchmarking_and_Performance_testing
> 
> For IKE that hardly matters, that's only a few packets per hour.
> 
> I also recommend staying away from sha2_256 because some implementations
> based on broken linux kernels do a wrong truncation causing interop
> issues. Use sha2_512 instead.
> 
> You can find some recommendations in the following drafts:
> 
> https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis
> 
> https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis
> 
> While these are for "mandatory to implement" you can also use these
> as guidance for configurations. Libreswan is constantly updating
> its default proposals to match the latest recommended standards.
> So it should not be needed to specify either ike= or phase2alg=/esp=
> lines  but you can do so if you want.
> 
> Paul
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160531/628f4bef/attachment-0001.html>


More information about the Swan mailing list