u/Due_Doctor_8206

Replacing AES-CBC encryption with AES-GCM encryption for performance improvement

I read somewhere that replacing AES-CBC with AES-GCM encryption may reduce SPU processing overhead by combining encryption and authentication into a single hardware-accelerated operation.
My questions are:

  1. Is it safe to replace with AES-GCM on a production VPN tunnel without any known stability or security concerns on the SRX1500 platform?
  2. Is AES-GCM fully supported and stable on SRX1500 with Junos version 22.4R3-S2.11 for site-to-site VPN?
  3. Will it cause any issues with the existing HMAC-SHA256-128 authentication algorithm?
  4. Will AWS Site-to-Site VPN and SRX1500 AES-GCM proposal be fully interoperable?
u/Due_Doctor_8206 — 14 days ago