<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px"><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span id="yui_3_16_0_1_1428783632749_11372">Andreas,</span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span><br></span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span id="yui_3_16_0_1_1428783632749_11086">Thanks for the info. This means that the Android client fully supports Suite B. </span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span><br></span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span id="yui_3_16_0_1_1428783632749_11681" class="" style="">Does the client support PFS? I have </span><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class="" id="yui_3_16_0_1_1428783632749_12558">esp=aes256-sha384-ecp384! </span>but I only see <span class="" id="yui_3_16_0_1_1428783632749_11675" style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;">AES_CBC_256/HMAC_SHA2_384_192 for the tunnel SA? Maybe I am confused about how PFS works or what adding the DH group to esp= does? 
I</span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span><br></span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class="" id="yui_3_16_0_1_1428783632749_11382">phone1{2}: INSTALLED, TUNNEL, ESP in UDP SPIs: ca1b40f8_i cf71b373_o</span><br clear="none" style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class=""><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class="" id="yui_3_16_0_1_1428783632749_11383">> phone1{2}: AES_CBC_256/HMAC_SHA2_384_192, 15552 bytes_i (100</span><span><br></span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class=""><br></span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class="">Thanks,</span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class=""><br></span></div><div id="yui_3_16_0_1_1428783632749_10854" dir="ltr"><span style="font-family: 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;" class="">Mark-</span></div> <div id="yui_3_16_0_1_1428783632749_10854" dir="ltr" class="" style=""><span class="" style=""><br class="" style=""></span></div><br><div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, 
Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Saturday, April 11, 2015 8:59 AM, Andreas Steffen &lt;andreas.steffen@strongswan.org&gt; wrote:<br> </font> </div> <br><br> <div class="y_msg_container">Hi Mark,<br clear="none"><br clear="none">the Android client proposes the following cipher suites:<br clear="none"><br clear="none">IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/<br clear="none"> HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/<br clear="none"> HMAC_SHA2_512_256/AES_XCBC_96/<br clear="none"> PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/<br clear="none"> PRF_HMAC_SHA2_512/PRF_AES128_XCBC/<br clear="none"> MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/<br clear="none"> MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/<br clear="none"> ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,<br clear="none">IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/<br clear="none"> AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/<br clear="none"> AES_GCM_16_256/<br clear="none"> PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/<br clear="none"> PRF_HMAC_SHA2_512/PRF_AES128_XCBC/<br clear="none"> MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/<br clear="none"> MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/<br clear="none"> ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP<br clear="none"><br clear="none">ESP:AES_GCM_16_128/AES_GCM_16_256/NO_EXT_SEQ,<br clear="none">ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ,<br clear="none">ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ,<br clear="none">ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/<br clear="none"> HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/NO_EXT_SEQ<br clear="none"><br clear="none">Best regards<br clear="none"><br clear="none">Andreas<br clear="none"><div class="yqt2082438094" 
id="yqtfd80654"><br clear="none">On 04/11/2015 04:45 AM, Mark M wrote:<br clear="none">> What cipher suites are officially supported with the Android client? I<br clear="none">> am using Android 5.0.2 and was able to establish an SA and tunnel with<br clear="none">> esp=aes256-sha384-ecp384! and ike=aes256-sha384-ecp384!<br clear="none">> <br clear="none">> The documentation on the site and the Android Play page does not really<br clear="none">> specify the actual supported ciphers?<br clear="none">> <br clear="none">> Below is the output of my strongswan statusall<br clear="none">> <br clear="none">> phone1[4]: IKEv2 SPIs: de827fcebd1a9dff_i 8bf56383c0465740_r*, public<br clear="none">> key reauthentication in 2 hours<br clear="none">> phone1[4]: IKE proposal:<br clear="none">> AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384<br clear="none">> phone1{2}: INSTALLED, TUNNEL, ESP in UDP SPIs: ca1b40f8_i cf71b373_o<br clear="none">> phone1{2}: AES_CBC_256/HMAC_SHA2_384_192, 15552 bytes_i (100<br clear="none">> pkts, 17s ago), 27531 bytes_o (87 pkts, 17s ago), rekeying in 44 minutes<br clear="none">> phone1{2}: 0.0.0.0/0 === 192.168.9.1/32<br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> Thanks,<br clear="none">> <br clear="none">> Mark-</div><br clear="none"><br clear="none">======================================================================<br clear="none">Andreas Steffen <a shape="rect" ymailto="mailto:andreas.steffen@strongswan.org" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br clear="none">strongSwan - the Open Source VPN Solution! 
www.strongswan.org<br clear="none">Institute for Internet Technologies and Applications<br clear="none">University of Applied Sciences Rapperswil<br clear="none">CH-8640 Rapperswil (Switzerland)<br clear="none">===========================================================[ITA-HSR]==<div class="yqt2082438094" id="yqtfd28412"><br clear="none"></div><br><br></div> </div> </div> </div></div></body></html>