> I am not very happy using RSA as the cipher, since it's been cracked. And, > as any reader of Schnier knows, elliptic curve is out of the question. > > ikev2 only here. I would like to use a DHE cipher, or better yet a lattice > cipher, but I can not find any evidence of how to set these. I presume it > would be part of the ike= directive, but there are no examples of what > strings to use. (I have no idea what the esp= directive pertains to) Can > anyone advise? > > I notice that there is a provisional lattice cipher for StrongSwan, very good > news (though I'd have to compile SS), but unfortunately it is not supported > by the Android app. Would but that it were...
I read [here](https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations), "PFS for strongSwan 5.x onwards is enabled by appending a DH group to the ESP or AH cipher settings." Uh, you don't say? It gives no further clues to the proletariat how to work this arcane magick.
