[strongSwan] [StrongSwan] RFC compliance of supported cipher suits
ip flow
ipflow123 at gmail.com
Sun Nov 25 17:27:33 CET 2012
Thanks Tobias!
I have two more questions on compliance:
1. Does StrongSwan support RFC 2405 - The ESP DES-CBC Cipher
Algorithm With Explicit IV
2. Do you know if NETKEY support RFC 4301, Section 5.1.1 - Handling an
Outbound Packet That Must Be Discarded: If an IPsec system receives an
outbound packet that it finds it must discard, it SHOULD be capable of
generating and sending an ICMP message to indicate to the sender of
the outbound packet that the packet was discarded.
Regds
On Sat, Nov 24, 2012 at 10:30 AM, ip flow <ipflow123 at gmail.com> wrote:
> Hi,
>
> Does the implementations of supported cipher suites, listed at
> http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> are complaint to RFCs listed below?
>
> 1. IETF RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
>
> 2. IETF RFC 3686: Using Advanced Encryption Standard (AES) Counter
> Mode With IPsec Encapsulating Security Payload (ESP)
>
> 3. IETF RFC 2104: HMAC: Keyed-Hashing for Message Authentication
>
> 4. IETF RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
>
> 5. IETF RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH
>
> 6. IETF RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH
>
> 7. IETF RFC 3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
>
> 8. IETF RFC 3664: The AES-XCBC-PRF-128 Algorithm for the Internet Key
> Exchange Protocol (IKE)
>
> Thanks
More information about the Users
mailing list