[strongSwan] charon RSA tunnel setup speed hints?
Andreas Steffen
andreas.steffen at strongswan.org
Tue Aug 14 07:03:14 CEST 2012
No, this doesn't require any agreement. Instead of generating a
random private DH factor with the full size of the exponent
(ANSI X.9.42) which is the default, a reduced number of bits
is used as recommended by RFC 3526 (http://tools.ietf.org/html/rfc3526).

Regards

Andreas

On 08/14/2012 12:35 AM, Richard Andrews wrote:
>
> On Mon, 2012-08-13 at 20:47 +0200, Andreas Steffen wrote:
>> Hi Rich,
>>
>> IKEv2 spends most of its time (more than 80%) in public key
>> computations (DH exchange and RSA signature generation).
>>
>> One way to accelerate the generation of the public DH factor
>> without compromising security is the strongswan.conf setting
>>
>> libstrongswan {
>>     dh_exponent_ansi_x9_42 = no
>> }
>
> Does this require agreement between left and right peers?
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
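
The point made in the reply above, that the length of the private DH exponent is a local choice needing no agreement between peers, shown as an added example (not part of the original post and not strongSwan's code). It runs one exchange in the RFC 3526 1536-bit MODP group between a peer with a full-size exponent and a peer with a short one; the 256-bit short length and all function names are assumptions made for illustration.

```python
import secrets
import time

def pi_scaled(bits):
    """floor(pi * 2**bits) via Machin's formula, integer arithmetic only."""
    guard = 64                                  # extra bits absorb rounding error
    one = 1 << (bits + guard)
    def arctan_inv(x):                          # arctan(1/x) scaled by `one`
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

# 1536-bit MODP group from RFC 3526, built from the formula given there:
# p = 2^1536 - 2^1472 - 1 + 2^64 * (floor(2^1406 * pi) + 741804), generator 2
P = (1 << 1536) - (1 << 1472) - 1 + ((pi_scaled(1406) + 741804) << 64)
G = 2

def keypair(exp_bits):
    """Return (private exponent x, public value g^x mod p)."""
    # Top bit forced so the exponent length is exact for this demonstration.
    x = secrets.randbits(exp_bits) | (1 << (exp_bits - 1))
    return x, pow(G, x, P)

def exchange(short_bits=256):
    """One DH exchange between a full-exponent peer and a short-exponent peer."""
    t0 = time.perf_counter()
    a, pub_a = keypair(P.bit_length() - 1)      # peer A: exponent about as long as p
    t1 = time.perf_counter()
    b, pub_b = keypair(short_bits)              # peer B: short exponent (assumed length)
    t2 = time.perf_counter()
    secret_a = pow(pub_b, a, P)                 # A combines B's public value with a
    secret_b = pow(pub_a, b, P)                 # B combines A's public value with b
    return {"match": secret_a == secret_b, "bits_a": a.bit_length(),
            "bits_b": b.bit_length(), "keygen_a_s": t1 - t0, "keygen_b_s": t2 - t1}

if __name__ == "__main__":
    print(exchange())
```

Only the public values cross the wire, so neither peer can tell or needs to know how long the other's exponent is; the two `keygen_*_s` timings show where the saving in public-value generation comes from.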