Hello, Regarding using libreswan in FIPS mode... Is all of the encryption done using XFRM in kernel space ? Would that mean that all crypto (C/asm) code is located in the kernel ? IS there any plug-in alternative to use OpenSSL instead ? I'm asking because of the overhead (time and money) that could be required to have the kernel crypto code validate under FIPS. Whereas OpenSSL is already validated. OTOH, going through OpenSSL would have a (significant) impact on performance. Any thoughts about libreswan and FIPS validation ?
Regards. _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
