On 2020/04/30 23:03, Tobias Heider wrote:
> On Thu, Apr 30, 2020 at 09:33:28PM +0100, Stuart Henderson wrote:
> > On 2020/04/30 20:11, Tobias Heider wrote:
> > > Hi,
> > >
> > > I would like to modernize our crypto defaults a bit and add some of the
> > > supported ECDH Diffie-Hellman groups to the default IKE crypto proposal.
> > > There should be no downside to this, if they are not supported by the
> > > other side one of the old MODP groups will be used.
> > >
> > > The same for AEADs in the ESP proposal. We have support for AES-GCM
> > > and CHACHA20 for some time now but they never made it into the
> > > defaults.
> > >
> > > ok?
> >
> > ok to add them.
>
> On second thought i would actually only add the ECDH groups for now.
> For AEADs we would probably need a bit more boilerplate because they would
> have to be sent in a second proposal without the AUTH transforms and
> that can wait until after the release.

oh yes..

> >
> > I'm really tempted to suggest dropping the worst of the rest from default
> > transforms, users can still re-add them if needed. Not sure if that's a now
> > thing or a post unlock thing though.
> >
> > I was going to experiment some more (in particular to see what Windows
> > comes up with by default nowadays) but the only box I'm running iked on
> > that isn't going to interrupt other VPN users, is also running bgpd and
> > I just discovered the hard way that starting iked clears out existing
> > tcpmd5 SAs so I'm not going to touch that right now ;)
> >
>
> According to the strongswan website [1] the Windows defaults should be:
>
> 128-CBC, AES-192-CBC, AES-256-CBC, 3DES, SHA-1,SHA-256, SHA-384 and MODP-1024.
>
> If this is true we could actually drop 3DES and HMAC-SHA1-96, which would be
> great. MODP-1024 as the only Diffie-Hellman group however is already the
> weakest group we offer (and if not for windows I would gladly drop it as
> well).
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients

I'll check it with a newly setup phonebook entry on a Windows box tomorrow
to make sure. I also want to have another look at rekeying as I had some
problems reported with that (the strongswan page talks about problems with
W7 but I think we had some problems with W10 as well).
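
Added example, not part of the thread and not iked code: a simplified Python model of the proposal selection discussed above, showing the fallback to a MODP group when the peer lacks ECDH and why AEAD ciphers go in their own ESP proposal without AUTH transforms. The transform labels, peer capability sets and the first-match selection rule are assumptions made for illustration.

```python
# Added illustration: simplified IKEv2-style proposal selection.
# Transform labels and peer capability sets below are constructed sample data.
AEAD = {"aes-256-gcm", "chacha20-poly1305"}

def validate(proposal):
    """Reject proposals that mix AEAD ciphers with non-AEAD ones or with AUTH."""
    encs = set(proposal["enc"])
    if encs & AEAD and encs - AEAD:
        raise ValueError("AEAD and non-AEAD ciphers in one proposal")
    if encs & AEAD and proposal.get("auth"):
        raise ValueError("AEAD proposal must not carry AUTH transforms")
    if not encs & AEAD and not proposal.get("auth"):
        raise ValueError("non-AEAD proposal needs an AUTH transform")
    return proposal

def select(offer, supported):
    """Return (proposal number, chosen transforms) or None.

    Simplification: the responder takes the first proposal in which every
    transform type has a match, in the initiator's preference order.
    """
    for number, proposal in enumerate(offer, start=1):
        validate(proposal)
        chosen = {}
        for ttype, offered in proposal.items():
            match = next((t for t in offered if t in supported.get(ttype, ())), None)
            if match is None:
                break  # one transform type unsupported: whole proposal fails
            chosen[ttype] = match
        else:
            return number, chosen
    return None

COMMON = {"prf": {"hmac-sha2-256", "hmac-sha1"}, "auth": {"hmac-sha2-256", "hmac-sha1"}}
LEGACY_PEER = dict(COMMON, enc={"aes-256", "aes-128"}, group={"modp1024"})
MODERN_PEER = dict(COMMON, enc={"aes-256-gcm", "aes-256"}, group={"ecp256", "modp2048"})

IKE_OFFER = [{"enc": ["aes-256", "aes-128"], "prf": ["hmac-sha2-256", "hmac-sha1"],
              "auth": ["hmac-sha2-256", "hmac-sha1"],
              "group": ["curve25519", "ecp256", "modp2048", "modp1024"]}]
ESP_OFFER = [{"enc": ["aes-256-gcm", "chacha20-poly1305"]},           # AEAD, no AUTH
             {"enc": ["aes-256", "aes-128"], "auth": ["hmac-sha2-256", "hmac-sha1"]}]

if __name__ == "__main__":
    for name, peer in (("legacy", LEGACY_PEER), ("modern", MODERN_PEER)):
        print(name, "IKE:", select(IKE_OFFER, peer), "ESP:", select(ESP_OFFER, peer))
```
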
