Correct. On 09.11.2017 21:38, Jafar Al-Gharaibeh wrote: > Noel, > > Thank you for the quick response. I did search through the documentation > and also the source code, but didn't find definitive answers to my questions. > Do you have some pointers? > > I did see this in the man page which addresses my last question: > > charon.plugins.openssl.engine_id [pkcs11] > ENGINE ID to use in the OpenSSL plugin. > > charon.plugins.openssl.fips_mode [0] > Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B > enabled(2). > > > So, are these the only available options? > > Thank you in advance, > Jafar > > On 11/9/2017 2:29 PM, Noel Kuntze wrote: >> Use the power of documentation (man pages). >> >> On 09.11.2017 21:22, Jafar Al-Gharaibeh wrote: >>> Hi, >>> >>> I am compiling StrongSwan with these options: >>> >>> --enable-openssl #enables the OpenSSL crypto plugin. >>> #--enable-rdrand # don't enable Intel RDRAND random generator plugin. >>> --disable-random #disable RNG implementation on top of /dev/(u)random. >>> >>> Looking through the code, OpenSSL plugin itself provides an RNG plugin so I >>> thought the above configuration >>> will make sure I'm using the OpenSSL RNG. Is my assumption correct? >>> >>> what if I enable rdrand above does that become the default for all random >>> numbers used by strongswan ignoring OpenSSL's RNG? >>> >>> Does enabling those other RNG plugins have any effect on OpenSSL itself? >>> I.e is there a way to set OpenSSL's RNG directly from Strongswan? >>> >>> For OpenSSL (and other plugins), where do I find a list of all supported >>> configuration options? for example I found the following example on >>> strongswan website, what other options I can set/unset there? >>> >>> charon { >>> load_modular = yes >>> interfaces_use = eth0 >>> plugins { >>> openssl { >>> fips_mode = 0 >>> } >>> include strongswan.d/charon/*.conf >>> } >>> } >>> >>> >>> >>> Many Thanks, >>> Jafar >
signature.asc
Description: OpenPGP digital signature