Hi, > The Diffe Hellman exchange consists of CPU-intensive operations like > key-pair generation and shared-secret generation. Does strongswan > (5.0.4) have any options to cache and reuse the diffie-hellman keys for > enhanced IKE setup rate?
What an implementation can do is to reuse Diffie-Hellman exponentials for multiple exchanges. strongSwan currently does not support that, but always uses fresh exponentials, as it has some implications to the perfect forward secrecy properties of the protocol. Instead, I'd recommend to make sure you have set libstrongswan.dh_exponent_ansi_x9_42 = no. Or even better, switch to ECDH, which is significantly faster. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
