[strongSwan-dev] why DH group NEWHOPE_128 inacceptable ?

Andreas Steffen andreas.steffen at strongswan.org
Fri Oct 21 15:22:29 CEST 2016

Yes, with IKEv1 a fresh DH exchange is done in the Quick Mode
which derives the ESP keying material.

With IKEv2, the ESP DH parameter will only by used with the
CREATE_CHILD_SA message exchange during rekeying or if multiple
CHILD SAs are installed but not in the initial IKE_AUTH exchange
where the ESP keys for the first CHILD SA are derived from the
IKE DH secret.



On 21.10.2016 14:52, Noel Kuntze wrote:
> On 21.10.2016 13:58, Trump DD wrote:
>> 02[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
> That's normal. With a certain IKE version (don't remember which),
> the DH-Group only is important when rekeying, because the initial setup of
> a CHILD_SA doesn't include a DH exchange, it is only done when rekeying
> the CHILD_SA.

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20161021/dfe9a0e9/attachment-0001.bin>

More information about the Dev mailing list