[strongSwan] Android Ciphers

Tobias Brunner tobias at strongswan.org
Mon Mar 19 18:30:31 CET 2018


> I am not able to establish a connection with the Android app yet and so
> have no proposed ciphers in my log.

Did you check the server log?

> I infer that which ciphers are supported by the app depend on the
> Android kernel, at least for encryption.

No, IPsec is handled completely in userland by libipsec on Android.

> How would I find out which
> ones these are, currently?

The default ESP proposal can be found in the source [1].  Which other
algorithms are usable depends on the enabled plugins and the algorithms
supported by the used version of OpenSSL/BoringSSL (you can check the
IKE proposals, which include all supported algorithms that are not too

> PFS must be manually enabled, but which levels are currently supported
> in the app?

Don't know what you mean with levels.  But you don't have to enable PFS
manually (unless you refer to the server config, where you do have to
configure DH groups), see default proposals above.

> And is any form of ntru supported for encryption or key
> exchange in the Android app?




More information about the Users mailing list