[strongSwan] aes256-gcm16

Tobias Guggemos tobias.guggemos at stud.ifi.lmu.de
Fri Dec 6 15:20:00 CET 2013


we are performing some measurements and we are wondering about
aes256-gcm16 and aes256-ccm16.

In the ipsec.conf we specify

How does stronswan handle this line? Does it removes the -sha1 part or
does it performs a double authentication: the one from gcm and the one
from sha1?

Is the ICV provided by GCM located in the ICV part of the ESP packet or is
it concireded as part of the encrypted payload.


More information about the Users mailing list