[strongSwan-dev] NIST SP800-131a

Martin Willi martin at strongswan.org
Wed Jan 23 09:26:37 CET 2013

Hi Dale,

> 1. Does strongSwan inherently use any cryptographic functions for any 
> reason that are not controlled through the connection configuration 
> definition?

This highly depends on your setup. If you use some fancy authentication
mechanism such as EAP-TLS, EAP-SIM or RADIUS, yes. These protocols use
their own cryptographic algorithm set.

And to mention is that IKEv2 uses SHA1 signatures to authenticate with
RSA, regardless of the used certificates. IKEv2 does currently not
provide any way to negotiate hash algorithms and recommends to use SHA1.

Of course the algorithms used in your certificates also matter.

>   a. Is the PRNG in your default cryptographic library compliant with 
> these standards?

I don't know these specs in detail, so I can't say. IKEv2 uses Pseudo
Random Functions defined by the proposal.

>   b. What is the entropy source for your PRNG and do you manage the PRNG 
> per these standards requirements?

In the default configuration, /dev/random and /dev/urandom are used to
get random bytes. There certainly is some info out there about the
quality of these random sources under Linux.

> 3. SP 800-131a's definition implies the use of TLS 1.2 interfaces. Do you 
> know of any reason we cannot configure a connection with this protocol? 

IPsec and its key management protocols are unrelated to SSL/TLS. It's a
different protocol. You can use EAP-TLS to authenticate peers within
IKEv2, but this is just another EAP method, and it is used for
authentication only.

> 4. We are running on StrongSwan 4.6.1. Do you know of any limitations of 
> this level relative to this discussion? 


> 5. I am not particularly expert on your connection configuration files, 
> and I am wondering whether this file lets you control things such the TLS 
> level and the mechanism for key exchange. I see there lists of these in 
> the StrongSwan.Config and that you can over-ride this. Is this where you 
> would effect this level of control? For example, say we wanted to limit 
> all connections to TLS 1.2 or say we wanted to limit a specific connection 
> to TLS 1.2 but allow other connections to use TLS 1.2 or lower levels of 
> TLS? 

As said, strongSwan is not an SSL-VPN, and TLS can be used only in some
EAP methods (EAP-TLS/TTLS or PEAP) for authentication.

There is currently no option to limit our TLS stack to a specific
version (it supports 1.0, 1.1 and 1.2), but you can limit the cipher
suites on a global level, see [1].



More information about the Dev mailing list