Hi Mike,

> We use in the ipsec.conf the configuration:
>         ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
>         esp=aes256-sha256-modp2048,aes256-sha1-modp2048!
> 
> How big is the size of the private exponent at least, or could a size of
> 256 bit be guaranteed?

Depends on the dh_exponent_ansi_x9_42 strongswan.conf setting.  If it is
enabled (default) the size of the private exponent will equal that of
the prime (2048 bit), otherwise, the size is determined roughly
according to RFC 3526 and in this case will be 384 bit.

Regards,
Tobias
