[strongSwan] what is the default value of the cipher suite?
Martin Willi
martin at strongswan.org
Tue Jul 12 09:09:50 CEST 2011
Hi,
> I just want to know what is the default value of the cipher suite if
> the ike and esp directives in ipsec.conf are not specified in IKEv2.
For ipsec.conf based configurations, starter adds the following default
proposals if none is given:
ike=aes128-sha1-modp2048,3des-sha1-modp1536
esp=aes128-sha1,3des-sha1
If you're not using strict mode (appending a "!"), charon appends a
single additional proposal with additional algorithms (all DH groups
except modp768). For IKE, this includes everything secure and supported
by your plugin configuration. For ESP, this is
aes128-aes192-aes256-3des-blowfish-sha1-aesxcbc-md5.
Regards
Martin
More information about the Users
mailing list