[strongSwan] Security Comparison

Christian Salway christian.salway at naimuri.com
Thu Jul 19 12:11:22 CEST 2018

Great read on how HTTPS works

https://robertheaton.com/2014/03/27/how-does-https-actually-work/ <https://robertheaton.com/2014/03/27/how-does-https-actually-work/>

From reading that, if a client was only to present a ciphersuite of 3DES (or worse) in the initial ClientHello, then it really doesnt matter how strong the ServerCert is in the handshake because once the Client and Server agree on the algo to use (3DES) and symmetric key, then this is where the strength is.... I feel the world is oblivious to this fact.  You can have the strongest ServerCert but unless you have a strong algorithm, it is wasted... right?

So if thats correct, how do you find out what the actual algorithm used for the data messaging is :/  On to my continued studies.

> On 19 Jul 2018, at 09:38, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Christian,
>> I am also
>> limited to the native OSX/Windows VPN clients which currently support a
>> maximum of aes256-sha256-prfsha256-ecp256-modp2048 (Windows does not
>> support ecp)
> It does (at least on Windows 10), you just have to enable it via
> PowerShell (see [1]).
>> Apart from IPSEC being Layer 3 and HTTP being Layer 6, meaning that
>> should a VPN client be infected with a worm, it is easier for that worm
>> to infect the network, I’m struggling to see another security argument.
> Probably depends on the IPsec policies (e.g. if split tunneling is used
> or even only single protocols/ports are allowed) and the firewall rules
> on the remote end vs. what is available via HTTPS connection (e.g. if
> the latter creates a VPN too or the malware can hijack the VDI somehow).
>> Data encrypted over RSA 4096 SHA-2 on paper seems a secure connection.
> Nobody encrypts large amounts of data via RSA, if anything it's used to
> encrypt a symmetric key that's then used to encrypt the data, but mostly
> only for authentication (digital signatures).  The key exchange usually
> happens via ephemeral DH (in IKE always and nowadays in TLS too).
>>  Whereas IKE also uses a certificate to do the KeyExchange before
>> logging in 
> No, the key exchange is done via DH, the certificate is used for
> authentication only (to prevent MITM attacks).
>> and then encrypting the data with ESP, so the ciphers used on
>> ESP I feel is the comparison that needs to be made.
> The cryptographic strength of all ciphers in a cipher suite should be
> consistent.  For instance, using AES-256 for ESP is basically wasted
> when using MODP-2048 because that has only an estimated strength of 112
> bits (same for ECP-256 whose estimated strength is 128 bits).
>> I will have a read of that Cipher suites page, but if I remember
>> correctly, it is not a comparison but a standpoint.
> It mainly documents the available options (there are some warnings/notes
> though).  [2] has some general pointers regarding the security of
> IKE/IPsec connections.
> Regards,
> Tobias
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
> [2]
> https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180719/5bb4a0fe/attachment.html>

More information about the Users mailing list