[strongSwan-dev] why DH group NEWHOPE_128 inacceptable ?
andreas.steffen at strongswan.org
Fri Oct 21 15:22:29 CEST 2016
Yes, with IKEv1 a fresh DH exchange is done in the Quick Mode
which derives the ESP keying material.
With IKEv2, the ESP DH parameter will only by used with the
CREATE_CHILD_SA message exchange during rekeying or if multiple
CHILD SAs are installed but not in the initial IKE_AUTH exchange
where the ESP keys for the first CHILD SA are derived from the
IKE DH secret.
On 21.10.2016 14:52, Noel Kuntze wrote:
> On 21.10.2016 13:58, Trump DD wrote:
>> 02[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
> That's normal. With a certain IKE version (don't remember which),
> the DH-Group only is important when rekeying, because the initial setup of
> a CHILD_SA doesn't include a DH exchange, it is only done when rekeying
> the CHILD_SA.
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
More information about the Dev