[strongSwan] android: No support for MODP_2048 in 1.3.3?

Andreas Steffen andreas.steffen at strongswan.org
Wed Dec 25 22:08:25 CET 2013


Hi Mikael,

the current IKE proposal of the Android app is:

IKE:
  3DES_CBC/
  AES_CBC_128/AES_CBC_192/AES_CBC_256/
  AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/
  AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/
  AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/
  HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/
  HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/
  PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/
  PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/
  MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/
  ECP_256/ECP_384/ECP_521/
  MODP_1024_160/MODP_2048_224/MODP_2048_256/
  ECP_192/ECP_224/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP

With IKEv2 the initiator has to settle on a Diffie-Hellman group
because the KE payload is sent in the IKE_SA_INIT request. Since
MODP_1024 is in the first place of the default proposal, a 1024 bit
KE payload is sent to the responder which rejects it in the
IKE_SA_INIT response, requesting the MODP_2048 DH group instead.
This is normal IKEv2 behavior. In a second round the initiator
will repeat the IKE_SA_INIT request with a 2048 bit KE payload.

Of course in the current times it might make sense to reorder
the proposal by moving 3DES, MD5, SHA-1 and MODP_1024 to the back.
I have to check with Tobias if this is possible for the Android
client.

Best regards

Andreas

On 12/25/2013 04:14 PM, Mikael Magnusson wrote:
> The Android app stopped working with my VPN gateway after upgrading to
> version 1.3.3 in Google Play Store. Apparently the current version fails
> to connect to a peer which requires MODP_2048, since the following
> message can be seen in the logs on the peer.
> 
> [IKE] DH group MODP_1024 inacceptable, requesting MODP_2048
> 
> I still run the older 1.3.0 on a device and it works with my gateway.
> Any reason to remove or disable support for the stronger MODP_2048 in
> the current version?
> 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
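
The two-round IKE_SA_INIT exchange described in the message above, modelled as an added example (not part of the original message and not strongSwan code). The function names, the `honor_initiator_order` switch and the three-group subset of the app's proposal are assumptions made for illustration; the group and notify numbers are the IANA IKEv2 values.

```python
# Simplified model of the IKEv2 DH group exchange (RFC 7296); illustrative names only.
DH_GROUPS = {"MODP_1024": 2, "MODP_1536": 5, "MODP_2048": 14}  # IANA transform IDs
GROUP_NAMES = {v: k for k, v in DH_GROUPS.items()}
INVALID_KE_PAYLOAD = 17  # IKEv2 notify message type

def responder(proposed, ke_group, accepted, honor_initiator_order):
    """Answer one IKE_SA_INIT request.

    proposed: DH groups in the initiator's SA payload, in initiator order
    ke_group: group the initiator's KE payload was computed for
    accepted: groups the responder's policy allows, in responder order
    """
    if honor_initiator_order:
        common = [g for g in proposed if g in accepted]
    else:
        common = [g for g in accepted if g in proposed]
    if not common:
        return {"notify": "NO_PROPOSAL_CHOSEN"}
    if ke_group != common[0]:
        # KE payload is for the wrong group: name the wanted one, ask for a retry.
        return {"notify": INVALID_KE_PAYLOAD, "group": DH_GROUPS[common[0]]}
    return {"selected": common[0]}

def initiate(proposed, accepted, honor_initiator_order=True, max_tries=3):
    """Initiator side. Returns (negotiated group or None, requests sent)."""
    ke_group = proposed[0]  # the initiator has to guess: first group in its proposal
    for attempt in range(1, max_tries + 1):
        reply = responder(proposed, ke_group, accepted, honor_initiator_order)
        if "selected" in reply:
            return reply["selected"], attempt
        requested = GROUP_NAMES.get(reply.get("group"))
        # The notify is unauthenticated: retry only with a group we offered ourselves.
        if reply["notify"] != INVALID_KE_PAYLOAD or requested not in proposed:
            return None, attempt
        ke_group = requested
    return None, max_tries

# Constructed subsets of the proposal quoted in the message.
APP_DEFAULT = ["MODP_1024", "MODP_1536", "MODP_2048"]
REORDERED = ["MODP_2048", "MODP_1536", "MODP_1024"]

if __name__ == "__main__":
    print(initiate(APP_DEFAULT, ["MODP_2048"]))              # gateway from the thread
    print(initiate(REORDERED, ["MODP_2048"]))                # weak groups moved back
    print(initiate(APP_DEFAULT, ["MODP_2048", "MODP_1024"])) # lenient gateway
```

In this model a gateway that still accepts MODP_1024 and follows the initiator's order settles on 1024 bits with the default proposal, so reordering the proposal affects the negotiated strength as well as the number of round trips.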
