[strongSwan] DES in Strongswan

klybzh22 at wifirst.net klybzh22 at wifirst.net
Tue May 7 18:20:45 CEST 2013 

 

Hi all, 

just a little question : 

I use Strongswan 4.5.2-1.5 on
Debian. 

I read that the DES algorithm is not supported in strongswan
because it is too weak (mailing list + on the project site) 

but, when
i use the command # ipsec listalgs, we can see the DES in the list! So
my questiion is WHY? 

# ipsec listalgs
000 
000 List of registered
IKEv1 Algorithms:
000 
000 encryption: BLOWFISH_CBC[openssl]
3DES_CBC[des] AES_CBC[aes] CAMELLIA_CBC[openssl] 

000 integrity:
HMAC_MD5[md5] HMAC_SHA1[sha1] HMAC_SHA2_256[sha2] HMAC_SHA2_384[sha2]
HMAC_SHA2_512[sha2] 

000 dh-group: MODP_1024[openssl]
MODP_1536[openssl] MODP_2048[openssl] MODP_3072[openssl]
MODP_4096[openssl]
000 MODP_6144[openssl] MODP_8192[openssl]
ECP_256[openssl] ECP_384[openssl] ECP_521[openssl]
000
MODP_1024_160[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl]
ECP_192[openssl] ECP_224[openssl] 

000 random-gen: RNG_STRONG[random]
RNG_TRUE[random]
000 

000 List of registered ESP Algorithms:
000 
000
encryption: DES_CBC 3DES_CBC CAST_CBC BLOWFISH_CBC NULL AES_CBC AES_CTR
AES_CCM_8 AES_CCM_12 AES_CCM_16 AES_GCM_8
000 AES_GCM_12 AES_GCM_16
CAMELLIA_CBC AES_GMAC SERPENT_CBC TWOFISH_CBC 

000 integrity: HMAC_MD5
HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384 HMAC_SHA2_512 HMAC_RIPEMD
AES_XCBC_96 NULL HMAC_SHA2_256_96

List of registered IKEv2
Algorithms:

 encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des]
DES_ECB[des] CAMELLIA_CBC[openssl] RC5_CBC[openssl]
 IDEA_CBC[openssl]
CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr]
CAMELLIA_CTR[ctr] 

 integrity: AES_XCBC_96[xcbc] CAMELLIA_XCBC_96[xcbc]
HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac]

HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac]
HMAC_MD5_128[hmac]
 HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac]
HMAC_SHA2_512_256[hmac] 

 aead: AES_CCM_8[ccm] AES_CCM_12[ccm]
AES_CCM_16[ccm] CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm]

CAMELLIA_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm] 


hasher: HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2]
HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
 HASH_MD2[openssl]
HASH_MD4[openssl] 

 prf: PRF_KEYED_SHA1[sha1]
PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
PRF_CAMELLIA128_XCBC[xcbc]
 PRF_HMAC_SHA1[hmac] PRF_HMAC_SHA2_256[hmac]
PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac]
 PRF_HMAC_SHA2_512[hmac] 


dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl]

ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl]
MODP_3072[openssl] MODP_4096[openssl]
 MODP_6144[openssl]
MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl]
 MODP_CUSTOM[openssl] 

 random-gen:
RNG_STRONG[random] RNG_TRUE[random]

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130507/299dbf85/attachment.html>

More information about the Users mailing list