[strongSwan] Implications of Weak DH / Logjam on IPSec

Karl Denninger karl at denninger.net
Thu May 21 15:42:44 CEST 2015

On 5/21/2015 08:42, Gerd v. Egidy wrote:
> Hi,
>> It is very interesting to
>> note that the Windows 7/8 Agile IKEv2 VPN client which otherwise is
>> a great application does not propose anything stronger than the
>> 1024 bit DH group.
> And there is no way (registry or similar) to fix this?
> Do you know offhand about other common mobile clients? Does the current iOS 8 
> IKEv1 client support MODP2048? How about the stock Android client?
> Kind regards,
> Gerd

BlackBerry's BB10 also only proposes MODP1024 :(

Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150521/b4566424/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2944 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150521/b4566424/attachment-0001.bin>

More information about the Users mailing list