[strongSwan] DES in Strongswan
Andreas Steffen
andreas.steffen at strongswan.org
Tue May 7 19:56:14 CEST 2013
Hi,
we don't allow single DES for IKE but the Linux kernel is offering DES
for ESP.
If you are concerned about your IPsec peer selecting weak algorithms
just use the ike= and esp= configuration options with the '!' strict
flag which will exclude any ciphers you don't want to be selected.
Regards
Andreas
On 05/07/2013 06:20 PM, klybzh22 at wifirst.net wrote:
> Hi all,
>
> just a little question :
>
> I use Strongswan 4.5.2-1.5 on Debian.
>
> I read that the DES algorithm is not supported in strongswan because it
> is too weak (mailing list + on the project site)
>
> but, when i use the command # ipsec listalgs, we can see the DES in the
> list! So my questiion is WHY?
>
> # ipsec listalgs
> 000 List of registered ESP Algorithms:
> 000
> 000 encryption: DES_CBC 3DES_CBC CAST_CBC BLOWFISH_CBC NULL AES_CBC
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130507/b8e4a664/attachment.bin>
More information about the Users
mailing list