[strongSwan] SHA1 vs SHA256

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 4 20:50:49 CEST 2017


Hi Dusan,

the only workaround I see is to either upgrade your Linux 2.6
kernel or fall back to a SHA-1 based ESP HMAC.

Regards

Andreas

On 04.08.2017 20:46, Dusan Ilic wrote:
> Hi,
> 
> Unfortunately, I'm not following you guys :)
> Could someone please clarify?
> 
> 
> Den 2017-08-04 kl. 19:04, skrev Noel Kuntze:
>> Hi,
>>
>> IIRC pfkey still uses the old truncation (It's mentioned in some
>> relatively recent ticket).
>> Try using kernel-netlink instead.
>>
>> Kind regards
>>
>> Noel
>>
>>
>> On 04.08.2017 19:02, Andreas Steffen wrote:
>>> Hi Dusan,
>>>
>>> hmmm, our documentation says that the correct ESP SHA256_128 HMAC
>>> truncation was introduced with the 2.6.33 kernel but your kernel
>>> might not be a vanilla 2.6.36 kernel:
>>>
>>>   https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
>>>
>>>   (ESP integrity algorithm footnote n)
>>>
>>> Regards
>>>
>>> Andreas
>>>
>>> On 04.08.2017 16:41, Dusan Ilic wrote:
>>>> Hi Andreas
>>>>
>>>> One side is 2.6.36 and the other 3.10.20
>>>>
>>>>
>>>> Den 2017-08-04 kl. 12:48, skrev Andreas Steffen:
>>>>> Hi Dusan,
>>>>>
>>>>> this is a Linux kernel issue. Which kernel versions are you running
>>>>> on the two endpoints?.
>>>>>
>>>>> Regards
>>>>>
>>>>> Andreas
>>>>>
>>>>> On 04.08.2017 12:41, Dusan Ilic wrote:
>>>>>> Hi Noel,
>>>>>>
>>>>>> One side is Strongswan 5.2.2 and the other is 5.5.2.
>>>>>> How do I switch?
>>>>>>
>>>>>>
>>>>>> Den 2017-08-04 kl. 12:25, skrev Noel Kuntze:
>>>>>>> the remote peer probably uses the DRAFT variant of sha2-256, which
>>>>>>> uses 96 bit truncation. strongSwan uses the actual standardized
>>>>>>> variant that truncates to 128 bit.
>>>>>>> You can switch between the two in the newest version of strongSwan
>>>>>>>
>>>>>>> On 04.08.2017 12:23, Dusan Ilic wrote:
>>>>>>>> Hello!
>>>>>>>>
>>>>>>>> I have a strange issue, with both settings below the tunnel goes up
>>>>>>>> as it should, but only with SHA1 in ESP traffic goes through.
>>>>>>>> When I
>>>>>>>> ping the remote client with ESP SHA256 it times out, even though
>>>>>>>> the
>>>>>>>> tunnel reports as being up by Strongswan.
>>>>>>>>
>>>>>>>> Traffic working:
>>>>>>>>
>>>>>>>> ike=aes256-sha256-modp2048!
>>>>>>>> esp=aes128-sha1-modp2048!
>>>>>>>>
>>>>>>>> Traffic not working:
>>>>>>>>
>>>>>>>> ike=aes256-sha256-modp2048!
>>>>>>>> esp=aes256-sha256-modp2048!
>>>>>>>>
>>>>>>>> Below combo doesn't work either:
>>>>>>>>
>>>>>>>> ike=aes256-sha256-modp2048!
>>>>>>>> esp=aes128-sha256-modp2048!
>>>>>>>>
>>>>>>>>
>>>>>>>> Also, are above settings good? I'm having AES128 on ESP because
>>>>>>>> with
>>>>>>>> AES256 I loose too much througput. Do you have any suggestions for
>>>>>>>> change?
>>>>>>>>
>>>>>>>>
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170804/14e5a760/attachment.bin>


More information about the Users mailing list