[strongSwan] [StrongSwan] RFC compliance of supported cipher suits

Andreas Steffen andreas.steffen at strongswan.org
Sat Nov 24 15:17:56 CET 2012 

Hi,

see my inline commenents:

On 11/24/2012 06:00 AM, ip flow wrote:
> Hi,
> 
> Does the implementations of supported cipher suites, listed at
> http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> are complaint to RFCs listed below?
> 
> 1. IETF RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
>
Yes, implemented for ESP by the Linux kernel, configurable by strongSwan

> 2. IETF RFC 3686: Using Advanced Encryption Standard (AES) Counter
> Mode With IPsec Encapsulating Security Payload (ESP)
>
Yes, implemented for ESP by the Linux kernel, configurable by strongSwan

> 3. IETF RFC 2104: HMAC: Keyed-Hashing for Message Authentication
>
Yes, HMAC is supported both by the Linux Kernel and libstrongswan

> 4. IETF RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
>
Yes, implemented for ESP by the Linux kernel, configurable by strongSwan

> 5. IETF RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH
>
Yes, implemented for ESP by the Linux kernel, configurable by strongSwan

> 6. IETF RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH
>
Partial, implemented for ESP by the Linux kernel but currently not
configurable by strongSwan

> 7. IETF RFC 3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
>
Yes, implemented for ESP by the Linux kernel, configurable by strongSwan


> 8. IETF RFC 3664: The AES-XCBC-PRF-128 Algorithm for the Internet Key
> Exchange Protocol (IKE)
>
Yes, supported by libstrongswan

>  Thanks

Best regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121124/d88267cb/attachment.bin>

More information about the Users mailing list