Use the power of documentation (man pages).
On 09.11.2017 21:22, Jafar Al-Gharaibeh wrote:
> Hi,
>
> I am compiling StrongSwan with these options:
>
> --enable-openssl #enables the OpenSSL crypto plugin.
> #--enable-rdrand # don't enable Intel RDRAND random generator plugin.
> --disable-random #disable RNG implementation on top of /dev/(u)random.
>
> Looking through the code, OpenSSL plugin itself provides an RNG plugin so I
> thought the above configuration
> will make sure I'm using the OpenSSL RNG. Is my assumption correct?
>
> what if I enable rdrand above does that become the default for all random
> numbers used by strongswan ignoring OpenSSL's RNG?
>
> Does enabling those other RNG plugins have any effect on OpenSSL itself? I.e
> is there a way to set OpenSSL's RNG directly from Strongswan?
>
> For OpenSSL (and other plugins), where do I find a list of all supported
> configuration options? for example I found the following example on
> strongswan website, what other options I can set/unset there?
>
> charon {
> load_modular = yes
> interfaces_use = eth0
> plugins {
> openssl {
> fips_mode = 0
> }
> include strongswan.d/charon/*.conf
> }
> }
>
>
>
> Many Thanks,
> Jafar
signature.asc
Description: OpenPGP digital signature
