[strongSwan] IKE Ciphers in relation to ESP Ciphers
Jafar Al-Gharaibeh
jafar at atcorp.com
Tue Oct 10 21:43:23 CEST 2017
Is this possible to do in strongSwan currently ? I didn't find any
documentation regarding this. I might look into adding this capability
if it doesn't currently exist.
Thanks,
Jafar
On 10/5/2017 1:42 PM, Jafar Al-Gharaibeh wrote:
> Hi,
>
> Is there a way to force child SAs not have ciphers that are
> stronger (in term of bits) than the the IKE SA that created them. In
> other words, I want to be able to force IKE encryption to be always
> stronger or equal than that of Child SAs. I know this can be achieved
> by configuring IKE ciphers such that the lowest strength cipher is
> stronger or equal to that of any esp cipher, but that is very
> limiting. Having the ability to do this at run time gives the peers
> more flexibility and more ciphers options to pick from and only make
> the decision per connection.
>
> Regards,
> Jafar
>
More information about the Users
mailing list