[strongSwan] Forward Secrecy

Wed Dec 20 16:55:23 CET 2017

I am not very happy using RSA as the cipher, since it's been cracked.  And, as any reader of Schnier knows, elliptic curve is out of the question.

ikev2 only here.   I would like to use a DHE cipher, or better yet a lattice cipher, but I can not find any evidence of how to set these.  I presume it would be part of the ike= directive, but there are no examples of what strings to use.  (I have no idea what the esp= directive pertains to)  Can anyone advise?

I notice that there is a provisional lattice cipher for StrongSwan, very good news (though I'd have to compile SS), but unfortunately it is not supported by the Android app.  Would but that it were...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171220/2a3196d1/attachment.html>