[strongSwan] (no subject)

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 31 12:20:11 CEST 2018

Hi Sandesh,

strongSwan is not vulnerable to the Bleichenbacher oracle attack
since we did not implement the RSA encryption authentication variant
for IKEv1.

Best regards


On 31.08.2018 10:53, Sandesh Sawant wrote:
> Hi all,
> I came across below news about a paper enlisting attacks pertaining to
> IKE protocol, and want to know whether the latest version of trongSwan
> stack is vulnerable to the attacks mentioned in this
> paper: https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
> References:
> https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
> Thanks,
> Sandesh

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list