[strongSwan] Authenticated encryption algorithms syntax
emeric.poupon at stormshield.eu
Wed Nov 5 12:07:48 CET 2014
In the ConnSection documentation:
"esp = <cipher suites>
comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
aes128-sha256. The notation is encryption-integrity[-dhgroup][-esnmode]."
What about the authenticated encryption algorithms (e.g. gcm)?
Is the integrity algorithm mandatory for parsing but not used?
I can't find any relevant information in the IKEv2CipherSuites documentation.
BTW, I have another question.
In IKEv2, is there a functional difference between multiple proposals (esp=enc1-auth1-..., enc1-auth2-..., enc2-auth1-..., enc2-auth2-...) and multiple algorithms (esp=enc1-enc2-auth1-auth2-...)?
More information about the Users