From c7fead56ed91e8354363d2a6ee570fb98e1e0f55 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Wed, 5 Apr 2017 22:10:23 +0200 Subject: [PATCH] modify ciphers #247 --- roles/vpn/defaults/main.yml | 11 ++++------- roles/vpn/templates/mobileconfig.j2 | 4 ++-- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml index 90cc7aa6..bc0b9a6e 100644 --- a/roles/vpn/defaults/main.yml +++ b/roles/vpn/defaults/main.yml @@ -21,12 +21,9 @@ strongswan_enabled_plugins: - x509 ciphers: - old: - ike: aes128gcm16-sha2_256-prfsha256-ecp256! - esp: aes128gcm16-sha2_256-ecp256! defaults: - ike: aes192gcm16-prfsha512-ecp521! - esp: aes192gcm16-ecp521! + ike: aes128gcm16-sha2_512-prfsha512-ecp256! + esp: aes128gcm16-sha2_512-ecp256! windows: - ike: aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048! - esp: aes128gcm16-sha2_256-ecp256,aes256-sha2_256-modp2048! + ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048! + esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_256-modp2048! diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2 index 823a94cc..811e612f 100644 --- a/roles/vpn/templates/mobileconfig.j2 +++ b/roles/vpn/templates/mobileconfig.j2 @@ -64,7 +64,7 @@ EncryptionAlgorithm AES-128-GCM IntegrityAlgorithm - SHA2-256 + SHA2-512 LifeTimeInMinutes 20 @@ -85,7 +85,7 @@ EncryptionAlgorithm AES-128-GCM IntegrityAlgorithm - SHA2-256 + SHA2-512 LifeTimeInMinutes 20
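Review bot: The `sha2_512` token added to the GCM-only proposals in `ciphers.defaults` (and to the first proposal under `windows`) most likely has no effect on negotiation, because AES-GCM is an AEAD cipher and strongSwan's proposal syntax expects no separate integrity algorithm next to it; the PRF is already given explicitly as `prfsha512`. The changes that actually alter strength in this hunk are AES-192 to AES-128 and `ecp521` to `ecp256` in `defaults`, and `aes256` to `aes128` in the Windows fallback, and neither the file nor the commit message says why. I would write the defaults as `ike: aes128gcm16-prfsha512-ecp256!` and `esp: aes128gcm16-ecp256!`, and add a comment above `ciphers:` such as `# '!' makes each list strict: a client offering anything else fails to negotiate, so client profiles must be regenerated when these change`. The `modp2048` proposal remains the weakest group offered and deserves a one-line comment stating which clients still require it.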
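Review bot: `IntegrityAlgorithm` is hard-coded as a literal in both hunks of `roles/vpn/templates/mobileconfig.j2` (the second one is at line 85) rather than derived from `ciphers.defaults`, so the Apple profile and the strict server proposal have to be kept in step by hand. Because `EncryptionAlgorithm` stays `AES-128-GCM`, it is also unclear from the hunk whether the client uses `IntegrityAlgorithm` at all when it builds its proposal, so it is worth confirming with a real negotiation that a freshly generated profile still matches `aes128gcm16-sha2_512-prfsha512-ecp256!`. A template comment next to each block, for example `{# must match ciphers.defaults in roles/vpn/defaults/main.yml #}`, would make the coupling visible to the next person who edits either file. The enclosing dict starts and ends outside both hunks, so the Diffie-Hellman group it sets cannot be checked from here.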