[strongSwan] diffie hellman or RSA

nima chavooshi nima0102 at gmail.com
Fri Sep 30 19:16:45 CEST 2011


Hi
Then, why do i have to set certification on conn conf section for any
connection? RSA method in strongswan only is used in authentication not key
exchange?Am I right ?
Eexcuse me for these dummy questions.


On Mon, Sep 26, 2011 at 8:58 AM, nima chavooshi <nima0102 at gmail.com> wrote:

> Hi
> Then, why do i have to set certification on conn conf section for any
> connection? Pki in strongswan only is used in authentication not key
> exchange ?
> Eexcuse me for these dummy question.
>
>
> On Sunday, September 25, 2011, Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
> > strongSwan exclusively uses Diffie-Hellman for key exchange. There is an
> > RSA encryption variant for IKEv1 but which is rarely used at all.
> >
> > Regards
> >
> > Andreas
> >
> > On 09/25/2011 03:26 PM, nima chavooshi wrote:
> >> Hi
> >> In some documents I have read about diffie hellman and RSA. according
> >> those documents usage of diffie hellman and RSA is equal, in fact, those
> >> method are used for key exchange.but must only one method to be
> selected.
> >> In StrongSwan, I have to set both RSA and diffie hellman in ike or esp
> >> values. so I am a little confused.
> >>
> >> Thanks for any help or guidance
> >
> > ======================================================================
> > Andreas Steffen                         andreas.steffen at strongswan.org
> > strongSwan - the Linux VPN Solution!                www.strongswan.org
> > Institute for Internet Technologies and Applications
> > University of Applied Sciences Rapperswil
> > CH-8640 Rapperswil (Switzerland)
> > ===========================================================[ITA-HSR]==
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110930/65df49a5/attachment.html>


More information about the Users mailing list