On Mon, 30 May 2016, Michael Furman wrote:
> ike=aes256-sha2_256;modp2048
> phase2alg=aes256-sha2_256;modp2048
>
> What are strongest ciphers that can be used for ike and phase2alg?
That's a bit subjective. For instance, is AES more secure than SERPENT or CAMELLIA or CHACHA20POLY1305 or TWOFISH?
> Is it aes256-sha2_512? Can I configure aes512?
There is no such thing as aes512. If you want to know which IKE and ESP ciphers are valid, see: http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
> Any performance overhead with the stronger ciphers?
Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance reasons. See https://libreswan.org/wiki/Benchmarking_and_Performance_testing

For IKE that hardly matters, that's only a few packets per hour.

I also recommend staying away from sha2_256 because some implementations based on broken linux kernels do a wrong truncation causing interop issues. Use sha2_512 instead.

You can find some recommendations in the following drafts:

https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis
https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis

While these are for "mandatory to implement" you can also use these as guidance for configurations. Libreswan is constantly updating its default proposals to match the latest recommended standards. So it should not be needed to specify either ike= or phase2alg=/esp= lines but you can do so if you want.

Paul

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
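As an added illustration of the exchange above (this is not a configuration from the thread or from the libreswan project), the following ipsec.conf "conn" stanza places the proposal lines from the question next to a replacement that applies the advice in the reply: sha2_512 instead of sha2_256 for IKE integrity, and AES-GCM instead of AES-CBC for ESP. The connection name, addresses and IDs are constructed placeholders, and the exact algorithm spellings (aes_gcm256, the ";modp2048" PFS suffix) and the sha2-truncbug option are assumed to match your libreswan version; confirm them against `man ipsec.conf` before use.

```ini
# Added example, not from the mailing-list thread or the libreswan project.
# Connection name, addresses and IDs below are constructed placeholders.
conn example-tunnel
    left=192.0.2.1                 # placeholder local address
    leftid=@left.example.net
    right=198.51.100.1             # placeholder remote address
    rightid=@right.example.net
    authby=secret
    auto=start

    # Proposal as written in the question: AES-256-CBC with HMAC-SHA-256
    # for both IKE and ESP, MODP-2048 for the DH and PFS group.
    #ike=aes256-sha2_256;modp2048
    #phase2alg=aes256-sha2_256;modp2048

    # Replacement following the reply: keep AES-256 for IKE but use
    # sha2_512 for integrity/PRF to avoid the SHA-256 truncation interop
    # problem; use AES-GCM (AEAD, so no separate integrity algorithm) for
    # ESP, which is the faster choice for bulk traffic. phase2alg= and
    # esp= are synonyms; the ";modp2048" suffix keeps PFS enabled.
    ike=aes256-sha2_512;modp2048
    esp=aes_gcm256;modp2048

    # Assumed per-connection compatibility knob (verify it exists in your
    # version) for a peer that is stuck on sha2_256 and truncates the HMAC
    # wrongly. Prefer changing the proposal; enable this only where needed.
    #sha2-truncbug=yes
```

Leaving both ike= and esp= out entirely is also valid, as the reply notes: libreswan then negotiates its built-in default proposals, which track the current recommendations, so explicit lines are only needed when you must pin a proposal for a specific peer.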
