The AES-CBC Cipher Algorithm and Its Use with IPsec
S. Frankel, R. Glenn, S. Kelly · 2003-09
Abstract
This document describes the use of the Advanced Encryption Standard (AES) Cipher Algorithm in CBC mode with an explicit Initialization Vector (IV) as a confidentiality mechanism within the context of the IPsec Encapsulating Security Payload (ESP). AES-CBC with 128-bit, 192-bit, and 256-bit key lengths is specified.
Why This RFC Matters
RFC 3602 brought AES into the IPsec ecosystem at a time when DES and 3DES were the dominant cipher choices, providing a NIST-standardized algorithm with significantly better security-to-performance characteristics. The CBC mode specification with an explicit IV prevents certain block-reuse attacks while remaining straightforward to implement in hardware and software. This RFC effectively accelerated the deprecation of weaker ciphers in VPN deployments and is still referenced in modern IKEv2/IPsec implementations that list AES-CBC as a supported transform.