> On 23 Jul 2015, at 18:10, Tobias Brunner <[email protected]> wrote:
> but more correctly you'd define that as prfsha256 in the IKE proposal instead.
Noted, I’ve updated the IKE proposal accordingly.
> You saw that the proposal by the iOS 8 client does not contain a DH
> group. This is actually not RFC 7296 (IKEv2) compliant. So this looks like a
> bug in iOS 8 to me.
It also sounds like my suspicions about lack of PFS support in iOS 8.3 are
confirmed.
> The iOS 8 IKEv2 client can handle a single proposal for ESP, which can
> be changed with the ChildSecurityAssociationParameters in the profile.
> You obviously already did specify that to use AES-GCM. If the proposal
> in your profile actually includes a DiffieHellmanGroup key with the
> value set to 16 then this looks like another bug.
Indeed, the mobileconfig I used on the iOS device contains the supposedly
supported child DH param '16':
    <key>ChildSecurityAssociationParameters</key>
    <dict>
        <key>EncryptionAlgorithm</key>
        <string>AES-256-GCM</string>
        <key>IntegrityAlgorithm</key>
        <string>SHA2-256</string>
        <key>DiffieHellmanGroup</key>
        <integer>16</integer>
        <key>LifeTimeInMinutes</key>
        <integer>720</integer>
    </dict>
> Does the same happen if the client initiates the rekeying? Does the
> behavior change if you don't use AES-GCM?
I tried getting the iOS 8 client to do a rekey by using this config, as there’s
no way to force a rekey on the device AFAIK:
    keylife=5m
    rekeymargin=1m
    rekey=no
But a rekey attempt from the iOS 8 device hasn’t happened yet; I’ll leave it a
few hours and see what happens. In the meantime, I am satisfied to discover
that iOS 8 cannot handle rekey from the server, and seemingly cannot support
PFS.
Kind regards and thank you for your attention on this matter,
Tom
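
Added example, not part of the original message and not strongSwan or Apple code: a Python check that reads ChildSecurityAssociationParameters from a profile and returns the matching strongSwan ESP proposal string, plus whether a DH group (PFS) is requested at all. The sample profile is constructed around the dict quoted above, the helper names are hypothetical, and the AES-GCM mapping assumes a 16-octet ICV; it inspects only what the profile requests, not what the client actually sends.

```python
import plistlib

KEY = "ChildSecurityAssociationParameters"
# IANA IKEv2 Diffie-Hellman group numbers -> strongSwan proposal keywords
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048",
             15: "modp3072", 16: "modp4096", 17: "modp6144", 18: "modp8192",
             19: "ecp256", 20: "ecp384", 21: "ecp521"}
# Profile algorithm names -> strongSwan keywords (GCM ICV length is an assumption)
ENCRYPTION = {"3DES": "3des", "AES-128": "aes128", "AES-256": "aes256",
              "AES-128-GCM": "aes128gcm16", "AES-256-GCM": "aes256gcm16"}
INTEGRITY = {"SHA1-96": "sha1", "SHA2-256": "sha256",
             "SHA2-384": "sha384", "SHA2-512": "sha512"}

# Constructed sample: the dict from the message, wrapped so plistlib can parse it.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>IKEv2</key><dict>
<key>ChildSecurityAssociationParameters</key>
<dict>
<key>EncryptionAlgorithm</key><string>AES-256-GCM</string>
<key>IntegrityAlgorithm</key><string>SHA2-256</string>
<key>DiffieHellmanGroup</key><integer>16</integer>
<key>LifeTimeInMinutes</key><integer>720</integer>
</dict></dict></dict></plist>"""

def find_child_sa(node):
    """Depth-first search for the first ChildSecurityAssociationParameters dict."""
    if isinstance(node, dict):
        if KEY in node:
            return node[KEY]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_child_sa(child)
        if found is not None:
            return found
    return None

def esp_proposal(params):
    """Return (strongSwan ESP proposal string, True if a DH group is requested)."""
    enc = ENCRYPTION[params["EncryptionAlgorithm"]]
    parts = [enc]
    if "gcm" not in enc:  # AEAD ciphers take no separate integrity transform
        parts.append(INTEGRITY[params["IntegrityAlgorithm"]])
    dh = params.get("DiffieHellmanGroup")
    if dh is not None:
        parts.append(DH_GROUPS[dh])
    return "-".join(parts), dh is not None

if __name__ == "__main__":
    print(esp_proposal(find_child_sa(plistlib.loads(SAMPLE))))
```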
