Hello,

Are there any plans to support Diffie Hellman Groups 19 to 21 (ecp256, ecp384, ecp521)?

There is support for DH15-18, which - according to Cisco - offer acceptable and good security. (Source: http://www.cisco.com/c/en/us/about/secu ... raphy.html)
I understand however that DH15-18 requires more processing power than DH19-21.
Perhaps on the mikrotik, this doesn't pose such an issue, since it's dedicated for this purpose, but on other devices, this could be an issue.
Therefore I believe it would be nice to have support for DH19-21.

Windows does not support DH15-18, but supports DH19-20 (ref https://technet.microsoft.com/en-us/lib ... .630).aspx).

FYI: those that are interested, can found a nice overview of different Cipher Suites at https://wiki.strongswan.org/projects/st ... pherSuites

Kind regards,
Bert

Hi BertV,

The processing power and implementation of handling the encryption (single core) is here a real problem.
Not to troll but, I hope not to add new crypto features without resolving the core issues with the usage of the existing ones.

One can have 12+ cores, but if for a single tunnel and everything in it, is used just 1 core and the hw encryption accel performance is just little bit over the software emulated one, there is no real practical case use scenario which is can uphold the purchased cost of the hardware and the lack of performance .

For the problem with the IPSEC throughput, was suggested the use of "multiple streams" to push the multi core usage, but even with a separate 4 IPSEC with EoIP for each of them, the bandwidth is miserable (CCR1009 6.40rc4) this dream was not yet possible.
.
Just look at viewtopic.php?f=1&t=121315 or other countless open treads from 4 years ago.

Kind regards.

Although I'm not a cryptographic specialist (nor a programmer), I understand that Elliptic Curve Cryptography should be more efficient. (source: http://www.cisco.com/c/en/us/about/secu ... phy.html#9). The implementation of DH19-21 (which use ECC) could possibly improve throughput, while lower the resource usage at the same time.

(Almost) all commercial firewall vendors support DH14, some have support for DH15, almost none support DH16-18, and the decent ones have support for DH19-21.
I guess they're also strungling with performance issues, and therefore have skipped DH16-18.

I have a VPN requirement that specifies that DH19 must be used. Are these ECC modes ever likely to available? Performance is not overly a concern as the data to be transmitted is only small.

I have a VPN requirement that specifies that DH19 must be used. Are these ECC modes ever likely to available?

They are already available in 6.41rc.

Performance is not overly a concern as the data to be transmitted is only small.

ECC modes are usually faster than traditional DH. But either way, DH is only used for handshake (key exchange), not for actual data transfer.

They are now officially supported! Kudos to the devs!

What's new in 6.41 (2017-Dec-22 11:55):
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;

Great news!

Thanks.