What about?
What if I enable rdrand above, does that become the default for all random
numbers used by strongswan, ignoring OpenSSL's RNG?
Does enabling those other RNG plugins have any effect on OpenSSL itself? I.e., is
there a way to set OpenSSL's RNG directly from Strongswan?
On 11/9/2017 2:39 PM, Noel Kuntze wrote:
Correct.
On 09.11.2017 21:38, Jafar Al-Gharaibeh wrote:
Noel,
Thank you for the quick response. I did search through the documentation and
also the source code, but didn't find definitive answers to my questions. Do
you have some pointers?
I did see this in the man page which addresses my last question:
    charon.plugins.openssl.engine_id [pkcs11]
        ENGINE ID to use in the OpenSSL plugin.
    charon.plugins.openssl.fips_mode [0]
        Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B
        enabled(2).
So, are these the only available options?
Thank you in advance,
Jafar
On 11/9/2017 2:29 PM, Noel Kuntze wrote:
Use the power of documentation (man pages).
On 09.11.2017 21:22, Jafar Al-Gharaibeh wrote:
Hi,
I am compiling StrongSwan with these options:
    --enable-openssl    # enables the OpenSSL crypto plugin.
    #--enable-rdrand    # don't enable Intel RDRAND random generator plugin.
    --disable-random    # disable RNG implementation on top of /dev/(u)random.
Looking through the code, the OpenSSL plugin itself provides an RNG plugin, so I
thought the above configuration will make sure I'm using the OpenSSL RNG. Is my
assumption correct?
What if I enable rdrand above, does that become the default for all random
numbers used by strongswan, ignoring OpenSSL's RNG?
Does enabling those other RNG plugins have any effect on OpenSSL itself? I.e., is
there a way to set OpenSSL's RNG directly from Strongswan?
For OpenSSL (and other plugins), where do I find a list of all supported
configuration options? For example, I found the following example on the strongswan
website; what other options can I set/unset there?
    charon {
        load_modular = yes
        interfaces_use = eth0
        plugins {
            openssl {
                fips_mode = 0
            }
            include strongswan.d/charon/*.conf
        }
    }
Many Thanks,
Jafar