[strongSwan] DES in Strongswan
andreas.steffen at strongswan.org
Tue May 7 19:56:14 CEST 2013
we don't allow single DES for IKE but the Linux kernel is offering DES
If you are concerned about your IPsec peer selecting weak algorithms
just use the ike= and esp= configuration options with the '!' strict
flag which will exclude any ciphers you don't want to be selected.
On 05/07/2013 06:20 PM, klybzh22 at wifirst.net wrote:
> Hi all,
> just a little question :
> I use Strongswan 4.5.2-1.5 on Debian.
> I read that the DES algorithm is not supported in strongswan because it
> is too weak (mailing list + on the project site)
> but, when i use the command # ipsec listalgs, we can see the DES in the
> list! So my questiion is WHY?
> # ipsec listalgs
> 000 List of registered ESP Algorithms:
> 000 encryption: DES_CBC 3DES_CBC CAST_CBC BLOWFISH_CBC NULL AES_CBC
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users