From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Apple IKEv2 and Ciphers
Date: Mon, 07 Feb 2022 15:09:58 +0000
Message-ID: <2EAB073F-BC65-4CD6-A1A4-8B2E7E6F38D4@ipfire.org>

Hello Tom,

> On 6 Feb 2022, at 15:01, Tom Rymes wrote:
>
> All,
>
> I wanted first to thank Michael for all the work put into creating the Apple Configuration Profiles feature for IPSec. It's really quite nice to use.

Very glad that it works like a charm.

> Anyhow, I was surprised to find that the ciphers used included MODP_1024, which IPFire lists as "Broken". Now, I'm the first to admit that I do not fully grasp the intricacies of selecting a cipher suite, but this seemed odd to me. I also noticed that the Profile is written to select DH Group 21 (ECP_521), not MODP_1024, which is what ends up getting used.

When I developed this, MODP-1024/2048 was all that iOS supported. I tried to create a little table on the wiki to reflect that:

https://wiki.ipfire.org/configuration/services/ipsec/host-to-net/apple

It is a bit further down the page:

• iOS 14: AES-GCM-256-128 / SHA2-256 / MODP-2048
• iOS 13: AES-256/192/128-GCM/CBC, SHA512/384/256, MODP-1024 only
• Catalina 10.15.7: AES-GCM-256-128 / SHA2-256 / MODP-1024
• High Sierra 10.13.6: AES-GCM-16-256 / SHA2-512 / MODP-1024

It looks like this changed again with iOS 15. ECC is always the preferred option because it will perform a lot better.

With Apple being generally very good at making sure that everyone is on the latest software, we can probably drop the line for iOS 13 already.

With macOS, the upgrade process seems to be somewhat slower and I have no idea what market shares those releases have.

> Using the default configuration profile from IPFire, this is what StrongSwan reports in the log:
>
> charon: 08[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_1024
> charon: 07[CFG] selected peer config 'MyConnection'
> charon: 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
>
> If I modify the Configuration Profile to use 256 bit AES-CBC, though, then ECP_521 ends up getting used.
>
> charon: 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521
> Feb 6 09:50:09 stream charon: 13[CFG] selected peer config 'TomMacOS'
> Feb 6 09:50:09 stream charon: 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ

Yeah, Apple does not seem to give the user that many options. Just use the latest stuff. Not the worst idea I would say.

>
> Is that an improvement, or does the elimination of GCM actually set things back?

No, GCM is the way to go.

-Michael

>
> Tom
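A defender-side check for the negotiation quoted in this thread, added here as an example and not code from IPFire or strongSwan: it parses strongSwan's charon "selected proposal" log lines and flags IKE SAs whose DH group IPFire rates as broken (MODP_1024), while noting whether an AEAD cipher such as AES-GCM was negotiated. The rating of groups other than MODP_1024 and the sample log lines are constructed for this example.

```python
import re

# strongSwan charon log line, with or without a syslog prefix such as
# "Feb 6 09:50:09 stream charon: ...". Only "selected proposal" lines match.
PROPOSAL_RE = re.compile(r"charon: \d+\[CFG\] selected proposal: (IKE|ESP):(\S+)")

# DH group ratings keyed by strongSwan's algorithm name. MODP_1024 is the
# group IPFire marks as "Broken"; the remaining ratings are this example's own.
DH_RATING = {
    "MODP_1024": "broken",
    "MODP_1536": "weak",
    "MODP_2048": "acceptable",
    "MODP_3072": "good",
    "MODP_4096": "good",
    "ECP_256": "good",
    "ECP_384": "good",
    "ECP_521": "good",
    "CURVE_25519": "good",
}

# Constructed sample: the IKE/ESP lines quoted in the thread.
SAMPLE_LOG = [
    "charon: 08[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_1024",
    "charon: 07[CFG] selected peer config 'MyConnection'",
    "charon: 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ",
    "charon: 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521",
    "Feb 6 09:50:09 stream charon: 13[CFG] selected peer config 'TomMacOS'",
    "Feb 6 09:50:09 stream charon: 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ",
]

def parse_proposal(line):
    """Return (protocol, [algorithms]) for a 'selected proposal' line, else None."""
    m = PROPOSAL_RE.search(line)
    if not m:
        return None
    return m.group(1), m.group(2).rstrip(",").split("/")

def dh_group(algs):
    """Pick the DH group out of an IKE proposal's algorithm list (None if absent)."""
    return next((a for a in algs if a.startswith(("MODP_", "ECP_", "CURVE_"))), None)

def audit_ike_proposals(lines):
    """One finding per negotiated IKE SA: encryption, DH group, its rating, AEAD or not."""
    findings = []
    for line in lines:
        parsed = parse_proposal(line)
        if parsed is None or parsed[0] != "IKE":  # ESP proposals carry no DH group
            continue
        algs = parsed[1]
        group = dh_group(algs)
        findings.append({
            "encryption": algs[0],
            "dh_group": group,
            "rating": DH_RATING.get(group, "unknown"),
            # GCM is an AEAD mode; CBC needs the separate HMAC integrity algorithm.
            "aead": algs[0].startswith("AES_GCM"),
        })
    return findings

if __name__ == "__main__":
    for f in audit_ike_proposals(SAMPLE_LOG):
        print(f)
```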