[strongSwan] New Android update option - how to best exploit?

Karl Denninger karl at denninger.net
Wed Jul 5 22:58:00 CEST 2017


On 7/5/2017 02:47, Tobias Brunner wrote:
> Hi Karl,
>
>> Except that I can't install the server's certificate into Android's
>> storage (whether from the base "Security" tab or in the StrongSwan
>> client); it refuses and says there's no certificate it can import.
> If you tried the import option in the CA certificate view of the app and
> it doesn't show up, the mime-type is probably not set correctly (if it
> is set correctly the strongSwan app should actually show up when trying
> to open that file e.g. in the Downloads app).  If it does show up in the
> file browser but the import fails, the file might be corrupt.
>
>> There's no "trusted" certificate option that I can find either in the
>> VPN setup on the StrongSwan Android client -- just the selection for
>> which CA cert to use (either automatic selection or you can pick from
>> the installed and trusted certificates.)
> That's the one.  After you imported the server cert into the app you can
> select it as a "CA certificate" (you basically set the certificate to
> use as trust anchor during authentication).
>
>> Going to ECDSA
>> from an RSA certificate cut the fragments to 2 from 3, but I can't get
>> it to "1", which would remove the fragmentation problem with connection
>> setup.
> Are you talking about IKE or IP fragments?  How big is the IKE_AUTH
> response?
>
>> Then of course there's the base Windows VPN
>> security issues to start with (e.g. the proposals it supports and such
>> -- or more to the point, the ones it doesn't) which, frankly leave me in
>> awe that our government appears at first blush to use it for
>> rather-secure things (or do they?)
> There is a registry key you can enable so it proposes a slightly better
> DH group [1].
>
> Regards,
> Tobias
>
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048

Yes, there are also some folks trying to harden the ESP side, but when I
used what they claimed worked... it didn't at all (no agreement on
proposal).

Jul  5 15:50:26 IpGw charon: 05[CFG] received proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ
Jul  5 15:50:26 IpGw charon: 05[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul  5 15:50:26 IpGw charon: 05[IKE] no acceptable proposal found
Jul  5 15:50:26 IpGw charon: 05[IKE] failed to establish CHILD_SA, keeping IKE_SA

What they recommended was... (from PowerShell)

Set-VpnConnectionIPsecConfiguration -ConnectionName "<NAME>" `
    -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 `
    -EncryptionMethod AES128 -IntegrityCheckMethod SHA384 `
    -DHGroup ECP256 -PfsGroup ECP256
 
Ref: https://github.com/trailofbits/algo/pull/464

-- 
Karl Denninger
karl at denninger.net
The Market Ticker
[S/MIME encrypted email preferred]
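Added example (not strongSwan's code nor anything from this thread's authors): a toy model of ESP proposal selection that parses proposals in the exact form charon logs them and finds the overlap between what the client offered and what the gateway has configured. It reproduces the "no acceptable proposal found" from the log above and shows that a gateway which additionally offers AES-GCM (a hypothetical esp=aes128gcm16 line) would agree on the Windows client's GCM-only proposal.

```python
# Added example for this thread (not strongSwan code): a toy model of ESP
# proposal selection using the syntax charon logs ("ESP:AES_GCM_16_128/NO_EXT_SEQ").

def transform_type(alg):
    """Classify one algorithm name into its IKEv2 transform type."""
    if alg in ("NO_EXT_SEQ", "EXT_SEQ"):
        return "ESN"
    if alg.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "INTEG"
    # AEAD ciphers (AES_GCM_*, AES_CCM_*, CHACHA20_POLY1305) and classic ones
    # (AES_CBC_*, 3DES_CBC, BLOWFISH_CBC_*) are both ENCR; AEAD just has no INTEG.
    return "ENCR"

def parse_proposal(text):
    """'ESP:A/B/C' -> ('ESP', {'ENCR': {...}, 'INTEG': {...}, 'ESN': {...}})."""
    proto, _, algs = text.strip().partition(":")
    transforms = {}
    for alg in algs.split("/"):
        transforms.setdefault(transform_type(alg), set()).add(alg)
    return proto, transforms

def select(received, configured):
    """Return the common transforms of the first compatible pair, else None.

    Proposals are compatible only if they carry the same transform types and
    share at least one algorithm per type, so a GCM-only offer (ENCR+ESN) can
    never match a CBC+HMAC proposal (ENCR+INTEG+ESN), whatever the key sizes.
    """
    for r_text in received:
        r_proto, r = parse_proposal(r_text)
        for c_text in configured:
            c_proto, c = parse_proposal(c_text)
            if r_proto != c_proto or r.keys() != c.keys():
                continue
            common = {t: r[t] & c[t] for t in r}
            if all(common.values()):
                return common
    return None

# The proposals from the charon log quoted in this mail.
RECEIVED = ["ESP:AES_GCM_16_128/NO_EXT_SEQ"]
CONFIGURED = [
    "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ",
    "ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/"
    "HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/"
    "AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ",
]
# Hypothetical gateway that additionally offers AES-GCM (esp=aes128gcm16 in ipsec.conf).
CONFIGURED_WITH_GCM = CONFIGURED + ["ESP:AES_GCM_16_128/NO_EXT_SEQ"]
```

select(RECEIVED, CONFIGURED) returns None, matching the log; select(RECEIVED, CONFIGURED_WITH_GCM) returns the shared AES_GCM_16_128 and NO_EXT_SEQ transforms.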