[strongSwan] Implications of Weak DH / Logjam on IPSec

Fred curious_freddy at gmsl.co.uk
Mon Jun 15 13:14:02 CEST 2015

On 21/05/2015 14:42, Karl Denninger wrote:
> On 5/21/2015 08:42, Gerd v. Egidy wrote:
>>> It is very interesting to
>>> note that the Windows 7/8 Agile IKEv2 VPN client which otherwise is
>>> a great application does not propose anything stronger than the
>>> 1024 bit DH group.
>> And there is no way (registry or similar) to fix this?
>> Do you know offhand about other common mobile clients? Does the current iOS 8
>> IKEv1 client support MODP2048? How about the stock Android client?
> BlackBerry's BB10 also only proposes MODP1024 :(

Maybe a StrongSwan native app is a good thing for both of these 
platforms then? Maybe the StongSwan team will be able to take advantage 
of this Windows 10 announcement:


More information about the Users mailing list