[strongSwan] Diffie Hellman group 14 private exponent size
Tobias Brunner
tobias at strongswan.org
Tue Mar 13 11:59:48 CET 2018
Hi Mike,
> We use in the ipsec.conf the configuration:
> ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
> esp=aes256-sha256-modp2048,aes256-sha1-modp2048!
>
> How big is the size of the private exponent at least, or could a size of
> 256 bit guaranteed?
Depends on the dh_exponent_ansi_x9_42 strongswan.conf setting. If it is
enabled (default) the size of the private exponent will equal that of
the prime (2048 bit), otherwise, the size is determined roughly
according to RFC 3526 and in this case will be 384 bit.
Regards,
Tobias
More information about the Users
mailing list