[strongSwan] Android Ciphers
infosec at quantum-equities.com
Mon Mar 19 18:59:43 CET 2018
On 03/19/2018 10:30 AM, Tobias Brunner wrote:
>> I am not able to establish a connection with the Android app yet and so
>> have no proposed ciphers in my log.
> Did you check the server log?
Sure. Please see "Re: [strongSwan] One to Many VPN (Host-Host)",
18/03/2018 17:08, this listserv.
>> I infer that which ciphers are supported by the app depends on the
>> Android kernel, at least for encryption.
> No, IPsec is handled completely in userland by libipsec on Android.
>> How would I find out which
>> ones these are, currently?
> The default ESP proposal can be found in the source. Which other
> algorithms are usable depends on the enabled plugins and the algorithms
> supported by the used version of OpenSSL/BoringSSL (you can check the
> IKE proposals, which include all supported algorithms that are not too
You seem to be saying that OpenSSL/BoringSSL is installed in Android?
How can it then be completely determined in userland by libipsec on
Android? I'm just trying to find out what is supported so I can choose
what I think are the best algos. And I'd like to know.
>> PFS must be manually enabled, but which levels are currently supported
>> in the app?
> Don't know what you mean with levels. But you don't have to enable PFS
> manually (unless you refer to the server config, where you do have to
> configure DH groups), see default proposals above.
I have in my Android notes: "/The IPsec proposal is limited to AES
encryption with SHA2/SHA1 data integrity or AES-GCM authenticated
encryption. Optionally, using PFS with one of a number of proposed
ECP/MODP DH groups./"
Apparently PFS must be manually enabled in ESP, but which groups are
currently supported in the app?
>> And is any form of ntru supported for encryption or key
>> exchange in the Android app?
In Android is this a limitation of libipsec or of OpenSSL/BoringSSL (or
of something else)?