What encryption does FREEDOME use to secure the traffic?
FREEDOME uses strong encryption to encrypt all the network traffic.
Below you can find the exact technical details of the encryption parameters used:
For Android, Windows and macOS/OpenVPN:
- Control channel: TLS, 2048 bit RSA keys with SHA-256 certificates, AES-256-GCM
- Data channel: AES-128-GCM
iOS / IPSEC:
- IKEv1: AES-256 + HMAC-SHA2-256, 2048 bit RSA keys with SHA-256 certificates
- IKEv1 data channel: AES-128 + HMAC-SHA1
- IKEv2: AES_GCM_16_256, 2048 bit RSA keys with SHA-256 certificates
- IKEv2 data channel: AES_GCM_16_256
Diffie-Hellman key exchange is used for Perfect Forward Secrecy (PFS).
Note: The known SHA1 collision resistance issues are not relevant when the hash function is used for HMAC-SHA1. Using the SHA1 hash function in the HMAC algorithm does not require collision resistance.