aboutsummaryrefslogtreecommitdiffstats
path: root/src/swanctl/commands/load_conns.c
diff options
context:
space:
mode:
authorAndreas Steffen <andreas.steffen@strongswan.org>2015-12-16 07:32:36 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2015-12-17 17:49:48 +0100
commita78e1c3b1174a5728531233a4af8c3a55cc5bf11 (patch)
tree231eff89002ea8e8c57461c8875980e175f94c6d /src/swanctl/commands/load_conns.c
parent1c3aa9bfc871598317971a5c66441d3fcc632e96 (diff)
downloadstrongswan-a78e1c3b1174a5728531233a4af8c3a55cc5bf11.tar.bz2
strongswan-a78e1c3b1174a5728531233a4af8c3a55cc5bf11.tar.xz
128 bit default security strength for IKE and ESP algorithms
The default ESP cipher suite is now AES_CBC-128/HMAC_SHA2_256_128 and requires SHA-2 HMAC support in the Linux kernel (correctly implemented since 2.6.33). The default IKE cipher suite is now AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 if the openssl plugin is loaded or AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 if ECC is not available. The use of the SHA-1 hash algorithm and the MODP_2048 DH group has been deprecated and ENCR_CHACHA20_POLY1305 has been added to the default IKE AEAD algorithms.
Diffstat (limited to 'src/swanctl/commands/load_conns.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-18 23:30:25 +0000