On 31 May 2016 at 03:41, Michael Furman <[email protected]> wrote: > > Thanks for the fast and qualified answer! > > I will happy for couple of clarifications: > > > > 1) Sorry but how I configure AES_GCM 256 with SHA2-512? > > I have confused with this link > http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml > > > > The best configuration I have found is the following:
The table on https://tools.ietf.org/html/rfc7296#page-82 might help a little. Ignore ESN. Pluto's syntax is: AUTH - INTEG&|PRF ; DH The second field gets used to select data integrity and/or pseudo random number generation as needed. While, in theory, they could be different, no one ever does that. > ike=aes_gcm-sha2;modp2048 auth=aes_gcm integ="aes_gcm" prf=sha2 dh=modp2048 > esp=aes_gcm256-null;modp2048 That's correct. auth=aes_gcm integ="aes_gcm" prf=none dh=modp2048 but pluto currently ignores this? generating keying material from the IKE secure association > I want to configure sha2_512 since I do not want to configure > sha2-truncbug=yes > > > > 2) According to the following link not all AES-NI hardware accelerators > support AES_GCM: > > https://libreswan.org/wiki/Benchmarking_and_Performance_testing#x86_64_NUMA_Xeon_with_Intel_QuickAssist_PCIe > > We run on RHEL6. Do you expect any issue with AES-NI hardware accelerators > and AES_GCM? I'll let paul answer that. >> Date: Mon, 30 May 2016 17:14:07 -0400 >> From: [email protected] >> To: [email protected] >> CC: [email protected] >> Subject: Re: [Swan] What are strongest ciphers that can be used for ike >> and phase2alg? > >> >> On Mon, 30 May 2016, Michael Furman wrote: >> >> > >> > ike=aes256-sha2_256;modp2048 >> > >> > phase2alg=aes256-sha2_256;modp2048 >> > >> > What are strongest ciphers that can be used for ike and phase2alg? >> >> That's a bit subjective. For instance, is AES more secure than SERPENT >> or CAMELLIA or CHACHA20POLY1305 or TWOFISH? >> >> > Is it aes256-sha2_512? >> > >> > Can I configure aes512? >> >> There is no such thing aes aes512. >> >> If you want to know what are valid IKE and ESP ciphers, see: >> >> http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml >> >> > Any performance overhead with the stronger ciphers? >> >> Yes. For ESP I strongly recommend AES_GCM over AES(_CBC) for performance >> reasons. See >> https://libreswan.org/wiki/Benchmarking_and_Performance_testing >> >> For IKE that hardly matters, that's only a few packets per hour. >> >> I also recommend staying away from sha2_256 because some implementations >> based on broken linux kernels do a wrong truncation causing interop >> issues. Use sha2_512 instead. >> >> You can find some recommendations in the following drafts: >> >> https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis >> >> https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis >> >> While these are for "mandatory to implement" you can also use these >> as guidance for configurations. Libreswan is constantly updating >> its default proposals to match the latest recommended standards. >> So it should not be needed to specify either ike= or phase2alg=/esp= >> lines but you can do so if you want. >> >> Paul > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan > _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
