<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body>
<p>Hi all,</p>
<p>just a little question :</p>
<p>I use Strongswan 4.5.2-1.5 on Debian.</p>
<p>I read that the DES algorithm is not supported in strongswan because it is too weak (mailing list + on the project site)</p>
<p>but, when i use the command  # ipsec listalgs, we can see the DES in the list! So my questiion is WHY? </p>
<p># ipsec listalgs<br />000  <br />000 List of registered IKEv1 Algorithms:<br />000  <br />000   encryption: BLOWFISH_CBC[openssl] 3DES_CBC[des] AES_CBC[aes] CAMELLIA_CBC[openssl]</p>
<p><br />000   integrity:  HMAC_MD5[md5] HMAC_SHA1[sha1] HMAC_SHA2_256[sha2] HMAC_SHA2_384[sha2] HMAC_SHA2_512[sha2]</p>
<p><br />000   dh-group:   MODP_1024[openssl] MODP_1536[openssl] MODP_2048[openssl] MODP_3072[openssl] MODP_4096[openssl]<br />000               MODP_6144[openssl] MODP_8192[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl]<br />000               MODP_1024_160[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] ECP_192[openssl] ECP_224[openssl]</p>
<p><br />000   random-gen: RNG_STRONG[random] RNG_TRUE[random]<br />000  </p>
<p><br />000 List of registered ESP Algorithms:<br />000  <br />000   encryption: <span style="color: #ff0000;">DES_CBC</span> 3DES_CBC CAST_CBC BLOWFISH_CBC NULL AES_CBC AES_CTR AES_CCM_8 AES_CCM_12 AES_CCM_16 AES_GCM_8<br />000               AES_GCM_12 AES_GCM_16 CAMELLIA_CBC AES_GMAC SERPENT_CBC TWOFISH_CBC</p>
<p><br />000   integrity:  HMAC_MD5 HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384 HMAC_SHA2_512 HMAC_RIPEMD AES_XCBC_96 NULL HMAC_SHA2_256_96<br /><br />List of registered IKEv2 Algorithms:<br /><br />  encryption: AES_CBC[aes] 3DES_CBC[des] <span style="color: #ff0000;">DES_CBC[des] DES_ECB[des]</span> CAMELLIA_CBC[openssl] RC5_CBC[openssl]<br />              IDEA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr] CAMELLIA_CTR[ctr]</p>
<p><br />  integrity:  AES_XCBC_96[xcbc] CAMELLIA_XCBC_96[xcbc] HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac]<br />              HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac] HMAC_MD5_128[hmac]<br />              HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_256[hmac]</p>
<p><br />  aead:       AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm]<br />              CAMELLIA_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm]</p>
<p><br />  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]<br />              HASH_MD2[openssl] HASH_MD4[openssl]</p>
<p><br />  prf:        PRF_KEYED_SHA1[sha1] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_CAMELLIA128_XCBC[xcbc]<br />              PRF_HMAC_SHA1[hmac] PRF_HMAC_SHA2_256[hmac] PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac]<br />              PRF_HMAC_SHA2_512[hmac]</p>
<p><br />  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl]<br />              ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] MODP_3072[openssl] MODP_4096[openssl]<br />              MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl]<br />              MODP_CUSTOM[openssl]</p>
<p><br />  random-gen: RNG_STRONG[random] RNG_TRUE[random]<br /><br /><br /></p>
<p> </p>
<div> </div>
</body></html>