Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 6896 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Suite-B Encryption RFC6379 - Suite-B-GCM-128 / Suite-B-GCM-256

thomas_brewster
Does anyone have experience configuring IPSec to match the Suite B Cryptographic Suites for IPSec per RFC 6379?

If so what are your experiences compared to the built in AES-128 / AES-256 policies? Were performance issues noted, any connection problems?

RFC 6379 - Suite B Cryptographic Suites for IPsec

3.1.  Suite "Suite-B-GCM-128"

   This suite provides ESP integrity protection and confidentiality
   using 128-bit AES-GCM (see [RFC4106]).  This suite or the following
   suite should be used when ESP integrity protection and encryption are
   both needed.

   ESP:
     Encryption     AES with 128-bit keys and 16-octet Integrity
                      Check Value (ICV) in GCM mode [RFC4106]
     Integrity      NULL

   IKEv2:
     Encryption                   AES with 128-bit keys in CBC mode
                                    [RFC3602]
     Pseudo-random function       HMAC-SHA-256 [RFC4868]
     Integrity                    HMAC-SHA-256-128 [RFC4868]
     Diffie-Hellman group         256-bit random ECP group [RFC5903]

3.2.  Suite "Suite-B-GCM-256"

   This suite provides ESP integrity protection and confidentiality
   using 256-bit AES-GCM (see [RFC4106]).  This suite or the preceding
   suite should be used when ESP integrity protection and encryption are
   both needed.

   ESP:
     Encryption     AES with 256-bit keys and 16-octet ICV in GCM mode
                      [RFC4106]
     Integrity      NULL

   IKEv2:
     Encryption                   AES with 256-bit keys in CBC mode
                                    [RFC3602]
     Pseudo-random function       HMAC-SHA-384 [RFC4868]
     Integrity                    HMAC-SHA-384-192 [RFC4868]
     Diffie-Hellman group         384-bit random ECP group [RFC5903]


This thread was automatically locked due to age.
  • 0
    Thomas, please let us know how these differ from AES-128-PFS and AES-256-PFS.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thomas, please let us know how these differ from AES-128-PFS and AES-256-PFS.

    Cheers - Bob


    Bob,

    The particulars of the Suite B settings do not seem to match up with the predefined AES-128-PFS or AES-256-PFS settings. Most notably the authentication algorithm for the predefined policies used MD5 rather than SHA.  I would love some assistance in translating the Suite B setting requirements into Sophos/Astaro settings that match; specifically the IKE DH group settings and "16-octet ICV in GCM mode" for ESP.

    -Thomas

    AES-256 PFS
    Compression off, not using strict policy
    IKE: AES 256/MD5/Group 5: MODP 1536 Lifetime: 7800 s
    IPsec: AES 256/MD5/Group 5: MODP 1536 Lifetime: 3600 s

    AES-128 PFS
    Compression off, not using strict policy
    IKE: AES 256/MD5/Group 5: MODP 1536 Lifetime: 7800 s
    IPsec: AES 128/MD5/Group 5: MODP 1536 Lifetime: 3600 s

    3.1. Suite "Suite-B-GCM-128"

    ESP:
    Encryption AES with 128-bit keys and 16-octet Integrity
    Check Value (ICV) in GCM mode [RFC4106]
    Integrity NULL

    IKEv2:
    Encryption AES with 128-bit keys in CBC mode
    [RFC3602]
    Pseudo-random function HMAC-SHA-256 [RFC4868]
    Integrity HMAC-SHA-256-128 [RFC4868]
    Diffie-Hellman group 256-bit random ECP group [RFC5903]

    3.2. Suite "Suite-B-GCM-256"

    ESP:
    Encryption AES with 256-bit keys and 16-octet ICV in GCM mode
    [RFC4106]
    Integrity NULL

    IKEv2:
    Encryption AES with 256-bit keys in CBC mode
    [RFC3602]
    Pseudo-random function HMAC-SHA-384 [RFC4868]
    Integrity HMAC-SHA-384-192 [RFC4868]
    Diffie-Hellman group 384-bit random ECP group [RFC5903]
  • 0
    In V9.1, DH Group "20" (384-bit random ECP group) is not yet available.  I just posted a feature suggestion: IPsec: Add ECP256 and ECP384 (IKE DH Group 20) for Suite-B Compatibility.  Here's what I think the other selections would be:



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thanks Bob. Now on to testing these Suite-B-GCM-128 / Suite-B-GCM-256 settings to see if we note any significant performance degradation as a result.

    Regards,
    Thomas
  • 0
    Thomas, the UTM can't do a Suite-B tunnel because IKE DH Group 20 is not available.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML