[strongSwan] AES GCM question
Guru Shetty
gurushettylists at gmail.com
Wed Oct 24 19:39:34 CEST 2012
Hello All,
In the test results page of the wiki for ikev2, the following
configuration is being used.
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
ike=aes256gcm16-aesxcbc-modp2048!
esp=aes256gcm16-modp2048!
Is there a reason for using "aesxcbc" for ike? Doesn't aes-gcm provide
both authenticity and confidentiality?
Also, if I want to use the transport mode for the above configuration,
do I need to worry about anything?
Thanks,
Guru
More information about the Users
mailing list