[strongSwan] Selecting proper encryption pairings

Tom Rymes trymes at rymes.com
Mon Feb 18 19:31:59 CET 2019

Can anyone point me to some good information for which of the various 
options should be paired together? I've done a fair amount of digging, 
but it's always nice to have some confirmation that my interpretation is 

I am working with Strongswan and Windows Roadwarrior clients, and am 
thus limited to (I have omitted some of the weaker options):

Encryption: AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256

Integrity: SHA2_256, SHA2_384

Grouptype: MODP2048, ECP256, ECP384

Which combinations of encryption and integrity options provides the best 
possible security without wasting computational effort for each of the 

Many thanks,


More information about the Users mailing list