make default ciphers stronger
Let's make the default cipher set stronger. I remember reading about how GCM wasn't included because of old Linux or something. There's no point in keeping that backward compat as those distros went EOL long ago. I don't see why a strongSwan distribution on the latest Fedora is requesting to use CBC instead of anything more sane available.
#1 Updated by Tobias Brunner about 2 years ago
- Status changed from New to Feedback
- Target version set to 5.9.0
I remember reading about how GCM wasn't included because of old linux or something.
That's generally still a problem because we can't query what algorithms the kernel actually supports. So unlike the IKE proposals, which are based on the algorithms provided by plugins, we have to guess what algorithms the kernel will support (if it doesn't support one of the negotiated algorithms, CHILD_SA installation will simply fail with a kernel error).
But I agree that AES-GCM is pretty widely available nowadays and it's listed as a MUST in RFC 8221, so I suppose we can add an AEAD default proposal for ESP that includes AES-GCM in one of the next releases.
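As an added illustration of the kernel-support caveat above (not strongSwan's own code or tooling): a POSIX shell helper that checks a /proc/crypto snapshot for the kernel transforms an ESP proposal depends on, so an operator can verify support before switching a configuration to AES-GCM instead of finding out from a CHILD_SA installation error. The transform names (rfc4106(gcm(aes)), cbc(aes), hmac(sha256)) and the mapping from strongSwan proposal keywords are assumptions of the example, and the /proc/crypto contents are constructed.

```shell
#!/bin/sh
# Added helper, not strongSwan code: check whether the kernel lists the
# transforms an ESP proposal needs before enabling that proposal.
# Assumed Linux transform names: rfc4106(gcm(aes)) for ESP AES-GCM,
# cbc(aes) for AES-CBC, hmac(sha256) for HMAC-SHA2-256.

# kernel_has_alg FILE NAME: exit 0 if FILE (a /proc/crypto dump) has a
# "name : NAME" entry, 1 otherwise
kernel_has_alg() {
    awk -v want="$2" '
        /^name[ \t]*:/ {
            n = $0
            sub(/^name[ \t]*:[ \t]*/, "", n)   # strip the "name :" prefix
            if (n == want) { found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# esp_kernel_names PROPOSAL: print the kernel transform names a strongSwan
# ESP proposal such as "aes128gcm16-x25519" or "aes256-sha256" relies on
esp_kernel_names() {
    echo "$1" | tr '-' '\n' | while read -r alg; do
        case "$alg" in
            aes128gcm8|aes128gcm16|aes256gcm8|aes256gcm16) echo "rfc4106(gcm(aes))" ;;
            aes128|aes256) echo "cbc(aes)" ;;
            sha256) echo "hmac(sha256)" ;;
            x25519|modp*|ecp*) ;;        # PFS groups are handled in IKE, not by ESP
            *) echo "unknown:$alg" ;;    # keyword outside this example's mapping
        esac
    done
}

# esp_supported FILE PROPOSAL: exit 0 only if every needed transform is present
esp_supported() {
    for name in $(esp_kernel_names "$2"); do
        case "$name" in unknown:*) return 1 ;; esac
        kernel_has_alg "$1" "$name" || return 1
    done
    return 0
}

# sample_proc_crypto: write a constructed /proc/crypto excerpt, print its path
sample_proc_crypto() {
    f=$(mktemp)
    printf 'name         : rfc4106(gcm(aes))\ndriver       : rfc4106(gcm(aes-generic))\n\n' > "$f"
    printf 'name         : cbc(aes)\ndriver       : cbc(aes-generic)\n\n' >> "$f"
    printf 'name         : hmac(sha256)\ndriver       : hmac(sha256-generic)\n' >> "$f"
    echo "$f"
}
```

On a live host, pass /proc/crypto itself as FILE; a proposal that fails here would also fail at CHILD_SA installation.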