Re: [ovs-discuss] Can we choose the encryption algorithms in IPSec?

Ilya Maximets via discuss Thu, 16 May 2024 13:28:28 -0700

On 5/16/24 19:33, Jim C via discuss wrote:
> Hi,
> 
> I'm looking into this IPSec tutorial 
> (https://docs.openvswitch.org/en/latest/tutorials/ipsec/).
> I wonder if there is an option for us to choose the encryption algorithm that 
> we want given we
> want FIPS approved algorithms. Is there a manual?


Hi.  The algorithms are not configurable today.

StrongSwan is configured with the following options:

    keyexchange=ikev2
    ike=aes256gcm16-sha256-modp2048
    esp=aes256gcm16-modp2048

And for Libreswan:

    ike=aes_gcm256-sha2_256
    esp=aes_gcm256
    ikev2=insist

Changing these options will require changing the code of the
ovs-monitor-ipsec daemon.  Which is a python script, so should
not be difficult if necessary.

Best regards, Ilya Maximets.
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Can we choose the encryption algorithms in IPSec?

Reply via email to