<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi,<br>
<br>
I am compiling StrongSwan with these options:<br>
<br>
--enable-openssl #enables the OpenSSL crypto plugin.
<br>
#--enable-rdrand # don't enable Intel RDRAND random generator
plugin.<br>
--disable-random #disable RNG implementation on top of <i
class="moz-txt-slash"><span class="moz-txt-tag">/</span>dev<span
class="moz-txt-tag">/</span></i>(u)random.<br>
<br>
Looking through the code, OpenSSL plugin itself provides an RNG
plugin so I thought the above configuration <br>
will make sure I'm using the OpenSSL RNG. Is my assumption
correct? <br>
<br>
what if I enable rdrand above does that become the default for all
random numbers used by strongswan ignoring OpenSSL's RNG? <br>
<br>
Does enabling those other RNG plugins have any effect on OpenSSL
itself? I.e is there a way to set OpenSSL's RNG directly from
Strongswan?<br>
<br>
For OpenSSL (and other plugins), where do I find a list of all
supported configuration options? for example I found the following
example on strongswan website, what other options I can set/unset
there?<br>
<br>
<pre style="box-sizing: border-box; font-family: Consolas, Menlo, "Liberation Mono", Courier, monospace; margin: 1em 1em 1em 1.6em; padding: 8px; background-color: rgb(250, 250, 250); border: 1px solid rgb(226, 226, 226); border-radius: 3px; width: auto; overflow-x: auto; overflow-y: hidden; color: rgb(54, 0, 12); font-size: 12.6px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">charon {
load_modular = yes
interfaces_use = eth0
plugins {
openssl {
fips_mode = 0
}
include strongswan.d/charon/*.conf
}
}</pre>
<br>
<br>
<br>
Many Thanks,<br>
Jafar<br>
</body>
</html>