Thanks for the fast and qualified answer!I will happy for couple of clarifications: 1) Sorry but how I configure AES_GCM 256 with SHA2-512?
I have confused with this link http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml The best configuration I have found is the following: ike=aes_gcm-sha2;modp2048 esp=aes_gcm256-null;modp2048 I want to configure sha2_512 since I do not want to configure sha2-truncbug=yes 2) According to the following link not all AES-NI hardware accelerators support AES_GCM: https://libreswan.org/wiki/Benchmarking_and_Performance_testing#x86_64_NUMA_Xeon_with_Intel_QuickAssist_PCIe We run on RHEL6. Do you expect any issue with AES-NI hardware accelerators and AES_GCM? > Date: Mon, 30 May 2016 17:14:07 -0400 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Re: [Swan] What are strongest ciphers that can be used for ike and > phase2alg? > > On Mon, 30 May 2016, Michael Furman wrote: > > > > > ike=aes256-sha2_256;modp2048 > > > > phase2alg=aes256-sha2_256;modp2048 > > > > What are strongest ciphers that can be used for ike and phase2alg? > > That's a bit subjective. For instance, is AES more secure than SERPENT > or CAMELLIA or CHACHA20POLY1305 or TWOFISH? > > > Is it aes256-sha2_512? > > > > Can I configure aes512? > > There is no such thing aes aes512. > > If you want to know what are valid IKE and ESP ciphers, see: > > http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml > > > Any performance overhead with the stronger ciphers? > > Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance > reasons. See https://libreswan.org/wiki/Benchmarking_and_Performance_testing > > For IKE that hardly matters, that's only a few packets per hour. > > I also recommend staying away from sha2_256 because some implementations > based on broken linux kernels do a wrong truncation causing interop > issues. Use sha2_512 instead. > > You can find some recommendations in the following drafts: > > https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis > > https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis > > While these are for "mandatory to implement" you can also use these > as guidance for configurations. Libreswan is constantly updating > its default proposals to match the latest recommended standards. > So it should not be needed to specify either ike= or phase2alg=/esp= > lines but you can do so if you want. > > Paul
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
