[strongSwan] Security Comparison

Dirk Hartmann dha at heise.de
Thu Jul 19 11:07:17 CEST 2018



--On Thursday, July 19, 2018 09:58:51 AM +0100 Christian Salway 
<christian.salway at naimuri.com> wrote:

>
> Thanks. answers inline
>
>
>> On 19 Jul 2018, at 09:38, Tobias Brunner <tobias at strongswan.org>
>> wrote:
>>
>> Hi Christian,
>>
>>> I am also
>>> limited to the native OSX/Windows VPN clients which currently
>>> support a maximum of aes256-sha256-prfsha256-ecp256-modp2048
>>> (Windows does not support ecp)
>>
>> It does (at least on Windows 10), you just have to enable it via
>> PowerShell (see [1]).
>
> Even with the registry key added, the IKE ciphers are as follows:
>
> WINDOWS 10
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048

Have a look here:
<https://docs.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps>

Regards,
Dirk



More information about the Users mailing list