Hi Martin,

Relative to our prior questions on NIST SP 800-131a compliance, your prior answer basically said to use the connection configuration definition to specify compliant algorithms and to use compliant certificates for authentication, which we understand and agree with, but there is a bit more to the standard. Here are a few more questions:

1. Does strongSwan inherently use any cryptographic functions for any reason that are not controlled through the connection configuration definition?

2. SP 800-131a refers to SP 800-90A for DRNG (PRNG) algorithms, which refers to SP 800-90B for entropy sources and SP 800-90C for DRNG construction with SP 800-90A and SP 800-90B definitions.
   a. Is the PRNG in your default cryptographic library compliant with these standards?
   b. What is the entropy source for your PRNG and do you manage the PRNG per these standards' requirements?

3. SP 800-131a's definition implies the use of TLS 1.2 interfaces. Do you know of any reason we cannot configure a connection with this protocol?

4. We are running on StrongSwan 4.6.1. Do you know of any limitations of this level relative to this discussion?

5. I am not particularly expert on your connection configuration files, and I am wondering whether this file lets you control things such as the TLS level and the mechanism for key exchange. I see there are lists of these in the StrongSwan.Config and that you can override this. Is this where you would effect this level of control? For example, say we wanted to limit all connections to TLS 1.2, or say we wanted to limit a specific connection to TLS 1.2 but allow other connections to use TLS 1.2 or lower levels of TLS?

Regards,
Dale

From: Martin Willi <[email protected]>
To: Dale H Anderson/Tucson/IBM@IBMUS
Cc: [email protected]
Date: 01/16/2013 01:37 AM
Subject: Re: [strongSwan-dev] NIST SP800-131a

Hi Dale,

> 1. Does strongSwan 4.6.1 comply with NIST SP800-131a?

I haven't read that spec in detail, but it seems that it just defines algorithms and key lengths to use for "acceptable" operation.

strongSwan can support many of these algorithms and key lengths, it's just a matter of configuration. Make sure to define the algorithms you require in your connections in the "esp" and "ike" proposal keywords, and append a '!' to disable others (man ipsec.conf for details).

If you are using certificates, generate the keys with appropriate key length and sign the certificates with the required hashing algorithms.

So yes, it should be possible to configure strongSwan for NIST SP800-131a compliance (but it is also possible to configure it to violate this spec).

> If the answer is no to all three questions, then we will look into using
> the OpenSSL or libgcrypt routines with strongSwan.

I don't think that the selection of the crypto backend matters, you can use weak algorithms or key lengths with any backend.

Regards
Martin
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
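
The configuration advice in Martin's reply (explicit "ike" and "esp" proposals in each connection, each ending in '!') can be checked mechanically. The following Python is an added example, not part of the thread or of strongSwan; the allow-list and the sample ipsec.conf are constructed assumptions, and "also=" includes are not followed.

```python
import re

# Assumed allow-list, for illustration only; build the real one from SP 800-131A.
ALLOWED = {"aes128", "aes192", "aes256", "sha256", "sha384", "sha512",
           "modp2048", "modp3072", "modp4096", "ecp256", "ecp384"}
# Constructed sample ipsec.conf (not taken from the thread).
SAMPLE = """\
config setup
conn %default
    esp=aes256-sha256!
conn strict
    ike=aes256-sha256-modp2048!
conn loose
    ike=aes128-sha1-modp1024,aes256-sha256-modp2048   # no strict flag
    esp=3des-md5!
conn unset
    esp=aes128-sha256!
"""

def parse_conns(text):
    """Map each conn name to its settings; 'also=' includes are not followed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[:1] in (" ", "\t") and "=" in line and current is not None:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        elif line and not line[0].isspace():
            current = None  # "config setup", "ca ..." or another section type
    return conns

def audit(text):
    """Return (conn, keyword, problem) for each ike/esp setting needing attention."""
    findings, conns = [], parse_conns(text)
    defaults = conns.pop("%default", {})  # values inherited by every conn
    for name, settings in conns.items():
        for kw in ("ike", "esp"):
            value = settings.get(kw, defaults.get(kw))
            if value is None:
                findings.append((name, kw, "not set"))
            elif not value.endswith("!"):
                findings.append((name, kw, "no trailing '!'"))
            for alg in filter(None, re.split(r"[-,]", (value or "").rstrip("!"))):
                if alg not in ALLOWED:
                    findings.append((name, kw, "not allowed: " + alg))
    return findings
```

Calling audit(SAMPLE) reports nothing for "strict", which inherits its esp proposal from %default, and flags "loose" and "unset".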
