[strongSwan] Does strongswan (5.0.4) have any options to cache and reuse the diffie-hellman keys?

Steffen Heise foolix81-nerd at yahoo.de
Tue Dec 3 20:14:30 CET 2013


Doing so would make me consider the protocol broken. A main goal of key
agreement protocols like DH is the key's freshness. Reusing old keys for
DH is therefore exactly what should be avoided.

If you do not care about good keys, disable DH and switch to plain RSA
or something similar - don't know if that is possible with strongswan
anyway...

Regards,

Steffen

On 03.12.2013 05:14, Chinmaya Dwibedy wrote:
> 
> Hi,
> The  Diffe Hellman exchange consists of CPU-intensive operations like
> key-pair generation and shared-secret generation. Does  strongswan
> (5.0.4) have any options to cache and reuse the diffie-hellman keys for
> enhanced IKE setup rate?
>  
> Thanks in advance for your support and help.
>  
> Regards,
> Chinmaya
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 




More information about the Users mailing list