[openstack-community] [neutron] Adding support for elliptic curve in DH groups for key agreement protocol

Matúš Brandys matus.brandys at vnet.eu
Mon Apr 19 13:34:05 UTC 2021


Hi everyone,

I was looking at neutron VPN implementation and found out that the 
current neutron implementation supports only creating VPN using DH up to 
group 15.

For example, strongswan drivers support except regular group also 
Elliptic Curve Groups also NIST and Brainpool Elliptic Curve Groups.
https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites#Diffie-Hellman-Groups.

I would like to know, if there is some limitation using Elliptic Curve 
groups for VPN or is this only an implementation issue?

Thanks,

Matus



More information about the openstack-discuss mailing list