Correct.
On 09.11.2017 21:38, Jafar Al-Gharaibeh wrote:
> Noel,
>
> Thank you for the quick response. I did search through the documentation
> and also the source code, but didn't find definitive answers to my questions.
> Do you have some pointers?
>
> I did see this in the man page which addresses my last question:
>
> charon.plugins.openssl.engine_id [pkcs11]
> ENGINE ID to use in the OpenSSL plugin.
>
> charon.plugins.openssl.fips_mode [0]
> Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B
> enabled(2).
>
>
> So, are these the only available options?
>
> Thank you in advance,
> Jafar
>
> On 11/9/2017 2:29 PM, Noel Kuntze wrote:
>> Use the power of documentation (man pages).
>>
>> On 09.11.2017 21:22, Jafar Al-Gharaibeh wrote:
>>> Hi,
>>>
>>> I am compiling StrongSwan with these options:
>>>
>>> --enable-openssl #enables the OpenSSL crypto plugin.
>>> #--enable-rdrand # don't enable Intel RDRAND random generator plugin.
>>> --disable-random #disable RNG implementation on top of /dev/(u)random.
>>>
>>> Looking through the code, OpenSSL plugin itself provides an RNG plugin so I
>>> thought the above configuration
>>> will make sure I'm using the OpenSSL RNG. Is my assumption correct?
>>>
>>> what if I enable rdrand above does that become the default for all random
>>> numbers used by strongswan ignoring OpenSSL's RNG?
>>>
>>> Does enabling those other RNG plugins have any effect on OpenSSL itself?
>>> I.e is there a way to set OpenSSL's RNG directly from Strongswan?
>>>
>>> For OpenSSL (and other plugins), where do I find a list of all supported
>>> configuration options? for example I found the following example on
>>> strongswan website, what other options I can set/unset there?
>>>
>>> charon {
>>> load_modular = yes
>>> interfaces_use = eth0
>>> plugins {
>>> openssl {
>>> fips_mode = 0
>>> }
>>> include strongswan.d/charon/*.conf
>>> }
>>> }
>>>
>>>
>>>
>>> Many Thanks,
>>> Jafar
> 
signature.asc
Description: OpenPGP digital signature
