[strongSwan] Recommended Practice: Encryption options for net-to-net tunnels
trymes at rymes.com
Thu Dec 10 17:45:14 CET 2015
On 12/10/2015 11:34 AM, Andreas Steffen wrote:
> if you know the options on both sides then one set of options
> is sufficient. If the connection setup works the first time
> around then it will always work. If you are not sure what
> the other side supports then you have to define several
> options with the preferred option up front and the most common
> option e.g. (aes128-sha1-modp2048) at the very end.
Thanks for confirming that, Andreas. My suspicion was that would be the
case, but I wanted to confirm.
> By the way
> does not give you constant 256 bit security. The correct choice is
Excellent, this is great information!
More information about the Users