[strongSwan] Authenticated encryption algorithms syntax

Emeric POUPON emeric.poupon at stormshield.eu
Wed Nov 5 12:07:48 CET 2014


In the ConnSection documentation:

"esp = <cipher suites>

comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
aes128-sha256. The notation is encryption-integrity[-dhgroup][-esnmode]."

What about the authenticated encryption algorithms (e.g. gcm)?
Is the integrity algorithm mandatory for parsing but not used?

I can't find any relevant information in the IKEv2CipherSuites documentation.

BTW, I have another question.
In IKEv2, is there a functional difference between multiple proposals (esp=enc1-auth1-..., enc1-auth2-..., enc2-auth1-..., enc2-auth2-...) and multiple algorithms (esp=enc1-enc2-auth1-auth2-...)?

Best Regards,


More information about the Users mailing list