Advanced Cipher Suite Examples » History » Version 16
Version 15 (Andreas Steffen, 06.09.2015 18:40) → Version 16/20 (Tobias Brunner, 20.04.2016 12:09)
h1. Advanced Cipher Suite Examples
|*Algorithm* | *IKEv1* *Pluto Daemon* | *IKEv2* *Charon Daemon* |
|ECP 256, 384, 512 (DH groups 19, 20, 21) |{{tc(openssl-ikev1/alg-ecp-high/,IKEv1)}} |"IKEv1":http://www.strongswan.org/uml/testresults/openssl-ikev1/alg-ecp-high/ | {{tc(openssl-ikev2/alg-ecp-high/,IKEv2)}} "IKEv2":http://www.strongswan.org/uml/testresults/openssl-ikev2/alg-ecp-high/ |
|MODP with subgroups (DH groups 22, 23, 24)|{{tc(ikev1/alg-modp-subgroup/,IKEv1)}} 24)|"IKEv1":http://www.strongswan.org/uml/testresults/ikev1/alg-modp-subgroup/ | {{tc(ikev2/alg-modp-subgroup/,IKEv2)}} "IKEv2":http://www.strongswan.org/uml/testresults/ikev2/alg-modp-subgroup/ |
|ECP 192, 224 (DH groups 25, 26) |{{tc(openssl-ikev1/alg-ecp-low/,IKEv1)}} |"IKEv1":http://www.strongswan.org/uml/testresults/openssl-ikev1/alg-ecp-low/ | {{tc(openssl-ikev2/alg-ecp-low/,IKEv2)}} "IKEv2":http://www.strongswan.org/uml/testresults/openssl-ikev2/alg-ecp-low/ |
|ECDSA 256, 384, 521 |{{tc(openssl-ikev1/ecdsa-certs/,IKEv1)}} |"IKEv1":http://www.strongswan.org/uml/testresults/openssl-ikev1/ecdsa-certs/ |"IKEv2":http://www.strongswan.org/uml/testresults/openssl-ikev2/ecdsa-certs/ | {{tc(openssl-ikev2/ecdsa-certs/,IKEv2)}} |
|AES CTR |{{tc(ikev1/esp-alg-aes-ctr/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-ctr/ | {{tc(ikev2/alg-aes-ctr/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-ctr/ |
|AES CCM |{{tc(ikev1/esp-alg-aes-ccm/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-ccm/ | {{tc(ikev2/alg-aes-ccm/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-ccm/ |
|AES GCM |{{tc(ikev1/esp-alg-aes-gcm/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gcm/ | {{tc(ikev2/alg-aes-gcm/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-gcm/ |
|AES GMAC^ |{{tc(ikev1/esp-alg-aes-gmac/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gmac/ | {{tc(ikev2/esp-alg-aes-gmac/,ESP)}} "ESP":http://www.strongswan.org/uml/testresults/ikev2/esp-alg-aes-gmac/ |
|Blowfish CBC |{{tc(ikev1/alg-blowfish/,IKEv1+ESP)}} |{{tc(ikev2/alg-blowfish/,IKEv2+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-blowfish/ |"IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-blowfish/ |
|Camellia CBC |{{tc(openssl-ikev1/alg-camellia/,IKEv1+ESP)}}| {{tc(openssl-ikev2/alg-camellia/,IKEv2+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/openssl-ikev1/alg-camellia/ | "IKEv2+ESP":http://www.strongswan.org/uml/testresults/openssl-ikev2/alg-camellia/ |
|Serpent CBC |{{tc(gcrypt-ikev1/alg-serpent/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/gcrypt-ikev1/alg-serpent/ | |
|Twofish CBC |{{tc(gcrypt-ikev1/alg-twofish/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/gcrypt-ikev1/alg-twofish/ | |
|NULL encryption |{{tc(ikev1/esp-alg-null/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-null/ | {{tc(ikev2/esp-alg-null/,ESP)}} "ESP":http://www.strongswan.org/uml/testresults/ikev2/esp-alg-null/ |
|AES XCBC |{{tc(ikev1/esp-alg-aesxcbc/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aesxcbc/ | {{tc(ikev2/alg-aes-xcbc/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-xcbc/ |
|SHA256* |{{tc(ikev1/alg-sha256/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-sha256/ | {{tc(ikev2/alg-sha256/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-sha256/ |
|SHA384* |{{tc(ikev1/alg-sha384/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-sha384/ | {{tc(ikev2/alg-sha384/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-sha384/ |
|SHA512* |{{tc(ikev1/alg-sha512/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-sha512/ | {{tc(ikev2/alg-sha512/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-sha512/ |
|ChaCha20 / Poly1305~ | | {{tc(ikev2/alg-chacha20poly1305/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-chacha20poly1305/ |
^requires the "AES-GMAC patch":http://download.strongswan.org/testing/aes_gmac.patch.bz2 patch":http://download.strongswan.org/uml/aes_gmac.patch.bz2 that was integrated into the Linux 2.6.34 kernel.
*requires the "SHA2 truncation patch":http://download.strongswan.org/testing/sha2.patch.bz2 patch":http://download.strongswan.org/uml/sha2.patch.bz2 that was integrated into the Linux 2.6.33 kernel.
~requires a Linux 4.2 kernel or newer.
|*Algorithm* | *IKEv1* *Pluto Daemon* | *IKEv2* *Charon Daemon* |
|ECP 256, 384, 512 (DH groups 19, 20, 21) |{{tc(openssl-ikev1/alg-ecp-high/,IKEv1)}} |"IKEv1":http://www.strongswan.org/uml/testresults/openssl-ikev1/alg-ecp-high/ | {{tc(openssl-ikev2/alg-ecp-high/,IKEv2)}} "IKEv2":http://www.strongswan.org/uml/testresults/openssl-ikev2/alg-ecp-high/ |
|MODP with subgroups (DH groups 22, 23, 24)|{{tc(ikev1/alg-modp-subgroup/,IKEv1)}} 24)|"IKEv1":http://www.strongswan.org/uml/testresults/ikev1/alg-modp-subgroup/ | {{tc(ikev2/alg-modp-subgroup/,IKEv2)}} "IKEv2":http://www.strongswan.org/uml/testresults/ikev2/alg-modp-subgroup/ |
|ECP 192, 224 (DH groups 25, 26) |{{tc(openssl-ikev1/alg-ecp-low/,IKEv1)}} |"IKEv1":http://www.strongswan.org/uml/testresults/openssl-ikev1/alg-ecp-low/ | {{tc(openssl-ikev2/alg-ecp-low/,IKEv2)}} "IKEv2":http://www.strongswan.org/uml/testresults/openssl-ikev2/alg-ecp-low/ |
|ECDSA 256, 384, 521 |{{tc(openssl-ikev1/ecdsa-certs/,IKEv1)}} |"IKEv1":http://www.strongswan.org/uml/testresults/openssl-ikev1/ecdsa-certs/ |"IKEv2":http://www.strongswan.org/uml/testresults/openssl-ikev2/ecdsa-certs/ | {{tc(openssl-ikev2/ecdsa-certs/,IKEv2)}} |
|AES CTR |{{tc(ikev1/esp-alg-aes-ctr/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-ctr/ | {{tc(ikev2/alg-aes-ctr/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-ctr/ |
|AES CCM |{{tc(ikev1/esp-alg-aes-ccm/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-ccm/ | {{tc(ikev2/alg-aes-ccm/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-ccm/ |
|AES GCM |{{tc(ikev1/esp-alg-aes-gcm/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gcm/ | {{tc(ikev2/alg-aes-gcm/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-gcm/ |
|AES GMAC^ |{{tc(ikev1/esp-alg-aes-gmac/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gmac/ | {{tc(ikev2/esp-alg-aes-gmac/,ESP)}} "ESP":http://www.strongswan.org/uml/testresults/ikev2/esp-alg-aes-gmac/ |
|Blowfish CBC |{{tc(ikev1/alg-blowfish/,IKEv1+ESP)}} |{{tc(ikev2/alg-blowfish/,IKEv2+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-blowfish/ |"IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-blowfish/ |
|Camellia CBC |{{tc(openssl-ikev1/alg-camellia/,IKEv1+ESP)}}| {{tc(openssl-ikev2/alg-camellia/,IKEv2+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/openssl-ikev1/alg-camellia/ | "IKEv2+ESP":http://www.strongswan.org/uml/testresults/openssl-ikev2/alg-camellia/ |
|Serpent CBC |{{tc(gcrypt-ikev1/alg-serpent/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/gcrypt-ikev1/alg-serpent/ | |
|Twofish CBC |{{tc(gcrypt-ikev1/alg-twofish/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/gcrypt-ikev1/alg-twofish/ | |
|NULL encryption |{{tc(ikev1/esp-alg-null/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-null/ | {{tc(ikev2/esp-alg-null/,ESP)}} "ESP":http://www.strongswan.org/uml/testresults/ikev2/esp-alg-null/ |
|AES XCBC |{{tc(ikev1/esp-alg-aesxcbc/,ESP)}} |"ESP":http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aesxcbc/ | {{tc(ikev2/alg-aes-xcbc/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-aes-xcbc/ |
|SHA256* |{{tc(ikev1/alg-sha256/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-sha256/ | {{tc(ikev2/alg-sha256/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-sha256/ |
|SHA384* |{{tc(ikev1/alg-sha384/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-sha384/ | {{tc(ikev2/alg-sha384/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-sha384/ |
|SHA512* |{{tc(ikev1/alg-sha512/,IKEv1+ESP)}} |"IKEv1+ESP":http://www.strongswan.org/uml/testresults/ikev1/alg-sha512/ | {{tc(ikev2/alg-sha512/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-sha512/ |
|ChaCha20 / Poly1305~ | | {{tc(ikev2/alg-chacha20poly1305/,IKEv2+ESP)}} "IKEv2+ESP":http://www.strongswan.org/uml/testresults/ikev2/alg-chacha20poly1305/ |
^requires the "AES-GMAC patch":http://download.strongswan.org/testing/aes_gmac.patch.bz2 patch":http://download.strongswan.org/uml/aes_gmac.patch.bz2 that was integrated into the Linux 2.6.34 kernel.
*requires the "SHA2 truncation patch":http://download.strongswan.org/testing/sha2.patch.bz2 patch":http://download.strongswan.org/uml/sha2.patch.bz2 that was integrated into the Linux 2.6.33 kernel.
~requires a Linux 4.2 kernel or newer.