Hello Andreas

Our security department is insisting that strongSwan validate the nonce parameter when received.
Is there a way strongSwan can accommodate this request? If not, we need a way to disable OCSP.

Thanks

-----Original Message-----
From: Modster, Anthony
Sent: Friday, November 8, 2019 9:50 AM
To: Tobias Brunner <[email protected]>; [email protected]
Subject: RE: [strongSwan] OCSP nonce parameter

Is there a possibility of a patch to allow checking the received nonce?

-----Original Message-----
From: Tobias Brunner <[email protected]>
Sent: Thursday, November 07, 2019 11:27 PM
To: Modster, Anthony <[email protected]>; [email protected]
Subject: Re: [strongSwan] OCSP nonce parameter

---External Email---

Hi Anthony,

> When using OCSP, is the nonce parameter always set?

Yes, the x509 plugin always adds a random nonce. It doesn't seem to be used/checked later, though.

Regards,
Tobias
